ATTACK [PTsecurity] SVN/Git Remote Code Execution through malicious (svn+,git+)ssh:// URL (Multiple CVEs)

SID: 10001763Rev: 23 views
Sourceptresearch/attackdetection
CreatedDecember 13, 2021
UpdatedDecember 13, 2021
Classificationattempted-admin
alert http any any -> $HOME_NET any (msg:"ATTACK [PTsecurity] SVN/Git Remote Code Execution through malicious (svn+,git+)ssh:// URL (Multiple CVEs)"; flow:established, from_server; content:"30"; http_stat_code; depth:2; content:"Location:"; http_header; nocase; content:"ssh://"; nocase; http_header; distance:0; pcre:"/ssh:\/\/(?:[^@\s]+@)?(?:[\w\:\.\-\[\]\@]+[^\w\:\.\-\[\]\@\/\ ]|[^\w\:\.\-\[\]\@\/\ ][\w\:\.\-\[\]\@])/Hi"; reference:cve, 2017-9800; reference:cve, 2017-12426; reference:cve, 2017-1000116; reference:cve, 2017-1000117; reference:url, subversion.apache.org/security/CVE-2017-9800-advisory.txt; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10001763; rev:2;)

References

cve2017-9800
cve2017-12426
cve2017-1000116
cve2017-1000117
urlsubversion.apache.org/security/CVE-2017-9800-advisory.txt
urlgithub.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!