ET EXPLOIT Possible SolarWinds Orion API Local File Disclosure (web.config) (CVE-2020-10148)

SID: 2031459Rev: 20 viewsHistory

Sourceet/open

CreatedDecember 29, 2020

UpdatedSeptember 9, 2021

Classificationweb-application-attack

alert http any any -> any any (msg:"ET EXPLOIT Possible SolarWinds Orion API Local File Disclosure (web.config) (CVE-2020-10148)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/web.config.i18n.ashx?"; nocase; fast_pattern; reference:url,gist.github.com/0xsha/75616ef6f24067c4fb5b320c5dfa4965; reference:url,kb.cert.org/vuls/id/843464; reference:cve,2020-10148; classtype:web-application-attack; sid:2031459; rev:2; metadata:affected_product Web_Server_Applications, attack_target Client_Endpoint, created_at 2020_12_29, cve CVE_2020_10148, deployment Perimeter, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2021_09_09;)

References

url	gist.github.com/0xsha/75616ef6f24067c4fb5b320c5dfa4965
url	kb.cert.org/vuls/id/843464
cve	2020-10148

Metadata

affected productWeb_Server_Applications

attack targetClient_Endpoint

created at2020_12_29

cveCVE-2020-10148

deploymentPerimeter

confidenceMedium

signature severityMajor

tagCISA_KEV

updated at2021_09_09

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!