ATTACK [PTsecurity] Kibana < 6.4.3 <5.6.13 Arbitrary File Inclusion/Disclosure/RCE attempt (CVE-2018-17245)

SID: 10004231Rev: 10 views

Sourceptresearch/attackdetection

CreatedDecember 13, 2021

UpdatedDecember 13, 2021

Classificationattempted-admin

alert http any any -> any any (msg:"ATTACK [PTsecurity] Kibana < 6.4.3 <5.6.13 Arbitrary File Inclusion/Disclosure/RCE attempt (CVE-2018-17245)"; flow:established, to_server; content:"/api/console/api_server"; http_uri; content:"SENSE_VERSION"; nocase; http_uri; distance:0; pcre:"/apis\s*=\s*[^&]*(?:(?:%2e|\.)(?:%2e|\.)(?:%5c|%2f|\/|\\))/Ui"; reference:cve, 2018-17245; reference:url, www.cyberark.com/threat-research-blog/execute-this-i-know-you-have-it; reference:url, github.com/ptresearch/AttackDetection; classtype:attempted-admin; sid:10004231; rev:1;)

References

cve	2018-17245
url	www.cyberark.com/threat-research-blog/execute-this-i-know-you-have-it
url	github.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!