ET DELETED Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Length) M1

SID: 2024094Rev: 20 views
History
Sourceet/open
CreatedMarch 20, 2017
UpdatedJuly 26, 2019
Classificationweb-application-attack
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DELETED Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Length) M1"; flow:to_server,established; content:"Content-Length|3a|"; nocase; content:"{"; content:"}"; content:"java|2e|"; nocase; content:"|2e|ognl"; fast_pattern:only; pcre:"/^Content-Length\x3a[^\r\n]*?\{(?=[^\r\n]*java\.)[^\r\n]*\.ognl[^\r\n]*\}/mi"; classtype:web-application-attack; sid:2024094; rev:2; metadata:affected_product Apache_Struts2, attack_target Web_Server, created_at 2017_03_20, deployment Datacenter, signature_severity Major, tag CISA_KEV, updated_at 2019_07_26;)

Metadata

affected productApache_Struts2
attack targetWeb_Server
created at2017_03_20
deploymentDatacenter
signature severityMajor
tagCISA_KEV
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!