ET EXPLOIT NB8-04 - Possible Unauthed RCE via whitelist bypass - Suricata Rule 2024310 (et/open)

ET EXPLOIT NB8-04 - Possible Unauthed RCE via whitelist bypass

SID: 2024310Rev: 10 viewsHistory

Sourceet/open

CreatedMay 17, 2017

UpdatedJuly 26, 2019

Classificationweb-application-attack

alert tcp any any -> $HOME_NET 1556 (msg:"ET EXPLOIT NB8-04 - Possible Unauthed RCE via whitelist bypass"; flow:established,to_server; content:"ack="; depth:4; content:"extension=bprd"; distance:0; fast_pattern; content:"BPCD_WHITELIST_PATH"; distance:0; reference:url,seclists.org/fulldisclosure/2017/May/27; classtype:web-application-attack; sid:2024310; rev:1; metadata:attack_target Server, created_at 2017_05_17, deployment Internal, performance_impact Moderate, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

References

url	seclists.org/fulldisclosure/2017/May/27

Metadata

attack targetServer

created at2017_05_17

deploymentInternal

performance impactModerate

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!