ATTACK [PTsecurity] SVN/Git Remote Code Execution through malicious (svn+,git+)ssh:// URL (Multiple CVEs)

SID: 10001756Rev: 32 views
Sourceptresearch/attackdetection
CreatedDecember 13, 2021
UpdatedDecember 13, 2021
Classificationattempted-admin
alert tcp any any -> $HOME_NET any (msg:"ATTACK [PTsecurity] SVN/Git Remote Code Execution through malicious (svn+,git+)ssh:// URL (Multiple CVEs)"; flow:established; content:"ssh://-"; nocase; pcre:"/\S{3}/Rsi"; reference:cve, 2017-9800; reference:cve, 2017-12426; reference:cve, 2017-1000116; reference:cve, 2017-1000117; reference:url, subversion.apache.org/security/CVE-2017-9800-advisory.txt; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10001756; rev:3;)

References

cve2017-9800
cve2017-12426
cve2017-1000116
cve2017-1000117
urlsubversion.apache.org/security/CVE-2017-9800-advisory.txt
urlgithub.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!