ATTACK [PTsecurity] Kibana < 6.4.3 <5.6.13 Arbitrary File Inclusion/Disclosure/RCE attempt (CVE-2018-17245)

SID: 10004231Rev: 129 views
History
Sourceptrules/open
CreatedJuly 24, 2025
UpdatedJuly 24, 2025
Classificationattempted-admin
alert http any any -> any any (msg:"ATTACK [PTsecurity] Kibana < 6.4.3 <5.6.13 Arbitrary File Inclusion/Disclosure/RCE attempt (CVE-2018-17245)"; flow:established, to_server; content:"/api/console/api_server"; http_uri; content:"SENSE_VERSION"; nocase; http_uri; distance:0; pcre:"/apis\s*=\s*[^&]*(?:(?:%2e|\.)(?:%2e|\.)(?:%5c|%2f|\/|\\))/Ui"; reference:cve, 2018-17245; reference:url, www.cyberark.com/threat-research-blog/execute-this-i-know-you-have-it; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10004231; rev:1;)

References

cve2018-17245
urlwww.cyberark.com/threat-research-blog/execute-this-i-know-you-have-it
urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!