ATTACK [PTsecurity] Apache Struts 2.3.20-2.3.28.1 Privilege Escalation attempt

SID: 10000049Rev: 10 views
Sourceptresearch/attackdetection
CreatedDecember 13, 2021
UpdatedDecember 13, 2021
Classificationattempted-admin
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ATTACK [PTsecurity] Apache Struts 2.3.20-2.3.28.1 Privilege Escalation attempt"; content:"#_memberAccess"; http_uri; content:"="; http_uri; distance:0; content:"@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS"; http_uri; distance:0; reference:cve, 2016-0785; reference:cve, 2016-3081; reference:cve, 2016-3087; reference:cve, 2016-3093; reference:cve, 2016-4438; reference:url, struts.apache.org/docs/s2-029.html; reference:url, struts.apache.org/docs/s2-032.html; reference:url, struts.apache.org/docs/s2-033.html; reference:url, struts.apache.org/docs/s2-034.html; reference:url, struts.apache.org/docs/s2-037.html; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10000049; rev:1;)

References

cve2016-0785
cve2016-3081
cve2016-3087
cve2016-3093
cve2016-4438
urlstruts.apache.org/docs/s2-029.html
urlstruts.apache.org/docs/s2-032.html
urlstruts.apache.org/docs/s2-033.html
urlstruts.apache.org/docs/s2-034.html
urlstruts.apache.org/docs/s2-037.html
urlgithub.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!