ET EXPLOIT Possible CVE-2013-0156 Ruby On Rails XML POST to Disallowed Type SYMBOL

SID: 2016176Rev: 70 views
History
Sourceet/open
CreatedJanuary 9, 2013
UpdatedJuly 14, 2022
Classificationweb-application-activity
alert http any any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Possible CVE-2013-0156 Ruby On Rails XML POST to Disallowed Type SYMBOL"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"|20|type="; nocase; fast_pattern; content:"symbol"; distance:0; nocase; pcre:"/<[^>]*\stype\s*=\s*[\x22\x27]symbol[\x22\x27]/i"; http.content_type; pcre:"/^(?:application\/(?:x-)?|text\/)xml/"; reference:url,groups.google.com/forum/?hl=en&fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ; classtype:web-application-activity; sid:2016176; rev:7; metadata:created_at 2013_01_09, confidence Medium, signature_severity Major, updated_at 2022_07_14;)

References

urlgroups.google.com/forum/?hl=en&fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ

Metadata

created at2013_01_09
confidenceMedium
signature severityMajor
updated at2022_07_14

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!