Versions (4)
Version DetailsCurrent
Rev: 1 • Aug 2, 2021, 12:00 PMET EXPLOIT Apache Cocoon <= 2.1.x LFI (CVE-2020-11991)
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Apache Cocoon <= 2.1.x LFI (CVE-2020-11991)"; flow:established,to_server; http.uri; content:"/v2/api/product/manger/getInfo"; nocase; http.request_body; content:"ENTITY"; nocase; pcre:"/^\s+?[^\s\>]+?\s+?SYSTEM\s/Ri"; content:"DOCTYPE"; nocase; fast_pattern; content:"SYSTEM"; nocase; content:"file|3a|//"; nocase; distance:0; reference:url,www.cnblogs.com/0day-li/p/13663350.html; reference:url,github.com/projectdiscovery/nuclei; reference:cve,2020-11991; classtype:attempted-admin; sid:2033641; rev:1; metadata:created_at 2021_08_02, cve CVE_2020_11991, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_08_02;)
Aug 2, 2021, 12:00 PM
Aug 2, 2021, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 9, 2025, 9:34 PM
rules/emerging-exploit.rules