ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Disposition) M1

SID: 2024096Rev: 40 views
History
Sourceet/open
CreatedMarch 20, 2017
UpdatedAugust 4, 2020
Classificationweb-application-attack
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Disposition) M1"; flow:to_server,established; http.header; content:"multipart/form-data"; nocase; http.request_body; content:"Content-Disposition|3a|"; nocase; content:"filename"; nocase; pcre:"/^[^\r\n]*filename\s*=\s*[^\x3b\x3a\r\n]*[\x25\x24]\s*\{[^\r\n]{20,}\}/mi"; reference:url,community.hpe.com/t5/Security-Research/Struts2-046-A-new-vector/ba-p/6949723#.WNF-_kcpDUJ; classtype:web-application-attack; sid:2024096; rev:4; metadata:affected_product Apache_Struts2, attack_target Web_Server, created_at 2017_03_20, deployment Datacenter, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2020_08_04;)

References

urlcommunity.hpe.com/t5/Security-Research/Struts2-046-A-new-vector/ba-p/6949723#.WNF-_kcpDUJ

Metadata

affected productApache_Struts2
attack targetWeb_Server
created at2017_03_20
deploymentDatacenter
confidenceMedium
signature severityMajor
tagCISA_KEV
updated at2020_08_04

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!