ATTACK [PTsecurity] Apache Struts < 2.3.32 < 2.5.10.1 RCE through Jakarta Multipart parser Attempt

SID: 10001065Rev: 30 views

Sourceptresearch/attackdetection

CreatedDecember 13, 2021

UpdatedDecember 13, 2021

Classificationattempted-admin

alert http any any -> any any (msg:"ATTACK [PTsecurity] Apache Struts < 2.3.32 < 2.5.10.1 RCE through Jakarta Multipart parser Attempt"; flow:established, to_server; content:"%{"; fast_pattern; http_header; content:"multipart/form-data"; http_header; content:"#_memberAccess"; http_header; content:"@java"; http_header; reference:cve, 2017-5638; reference:url, paper.seebug.org/241/; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10001065; rev:3;)

References

cve	2017-5638
url	paper.seebug.org/241/
url	github.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!