ET WEB_SPECIFIC_APPS Symantec Endpoint Manager XXE RCE Attempt

SID: 2018176Rev: 41 viewsHistory

Sourceet/open

CreatedFebruary 26, 2014

UpdatedApril 28, 2020

Classificationweb-application-attack

alert http $EXTERNAL_NET any -> $HOME_NET [8443,9090] (msg:"ET WEB_SPECIFIC_APPS Symantec Endpoint Manager XXE RCE Attempt"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/servlet/ConsoleServlet?ActionType=ConsoleLog"; http.request_body; content:"Content-Type|3a| text/xml|0d 0a|"; nocase; content:"|3c 21|DOCTYPE"; nocase; content:"http|3a|//127.0.0.1|3a|9090/servlet/ConsoleServlet?ActionType=ConfigServer&action=test_av&SequenceNum="; nocase; content:"&Parameter="; nocase; reference:cve,2013-5014; reference:cve,2013-5015; reference:url,cxsecurity.com/issue/WLB-2014020199; classtype:web-application-attack; sid:2018176; rev:4; metadata:created_at 2014_02_26, cve CVE_2013_5014, signature_severity Major, updated_at 2020_04_28;)

References

cve	2013-5014
cve	2013-5015
url	cxsecurity.com/issue/WLB-2014020199

Metadata

created at2014_02_26

cveCVE-2013-5014

signature severityMajor

updated at2020_04_28

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!