ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12635)

SID: 2025435Rev: 40 viewsHistory

Sourceet/open

CreatedMarch 19, 2018

UpdatedNovember 5, 2020

Classificationattempted-admin

alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12635)"; flow:established,to_server,only_stream; http.method; content:"PUT"; http.uri; content:"/_users/"; http.request_body; content:"_admin"; fast_pattern; reference:cve,2017-12635; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025435; rev:4; metadata:attack_target Server, created_at 2018_03_19, cve CVE_2017_12635, deployment Datacenter, malware_family CoinMiner, signature_severity Major, updated_at 2020_11_05;)

References

cve	2017-12635
url	blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/

Metadata

attack targetServer

created at2018_03_19

cveCVE-2017-12635

deploymentDatacenter

malware familyCoinMiner

signature severityMajor

updated at2020_11_05

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!