ATTACK [PTsecurity] PHP7 x86 heap overflow attempt via crafted zip archive - Suricata Rule 10000037 (ptresearch/attackdetection) - EveBox Rules

ATTACK [PTsecurity] PHP7 x86 heap overflow attempt via crafted zip archive

SID: 10000037Rev: 10 views

Sourceptresearch/attackdetection

CreatedDecember 13, 2021

UpdatedDecember 13, 2021

Classificationattempted-admin

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ATTACK [PTsecurity] PHP7 x86 heap overflow attempt via crafted zip archive"; flow:established, to_server; content:"POST"; http_method; content:"PK|01 02|"; fast_pattern; content:"|FF FF FF|"; distance:21; within:3; content:"PK|01 02|"; distance:0; content:"|FF FF FF|"; distance:21; within:3; content:"PK|01 02|"; distance:0; content:"|FF FF FF|"; distance:21; within:3; content:"PK|01 02|"; distance:0; content:"|FF FF FF|"; distance:21; within:3; reference:cve, 2016-3078; reference:url, github.com/dyntopia/exploits/blob/master/CVE-2016-3078; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10000037; rev:1;)

References

cve	2016-3078
url	github.com/dyntopia/exploits/blob/master/CVE-2016-3078
url	github.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!