ATTACK [PTsecurity] SVN/Git Remote Code Execution through malicious (svn+,git+)ssh:// URL (Multiple CVEs)

SID: 10001763Rev: 240 views
History
Sourceptrules/open
CreatedJuly 24, 2025
UpdatedJuly 24, 2025
Classificationattempted-admin
alert http any any -> any any (msg:"ATTACK [PTsecurity] SVN/Git Remote Code Execution through malicious (svn+,git+)ssh:// URL (Multiple CVEs)"; flow:established, from_server; content:"30"; http_stat_code; depth:2; content:"Location:"; http_header; nocase; content:"ssh://"; nocase; http_header; distance:0; pcre:"/ssh:\/\/(?:[^@\s]+@)?(?:[\w\:\.\-\[\]\@]+[^\w\:\.\-\[\]\@\/\ ]|[^\w\:\.\-\[\]\@\/\ ][\w\:\.\-\[\]\@])/Hi"; reference:cve, 2017-9800; reference:cve, 2017-12426; reference:cve, 2017-1000116; reference:cve, 2017-1000117; reference:url, subversion.apache.org/security/CVE-2017-9800-advisory.txt; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10001763; rev:2;)

References

cve2017-9800
cve2017-12426
cve2017-1000116
cve2017-1000117
urlsubversion.apache.org/security/CVE-2017-9800-advisory.txt
urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!