Snort mailing list archives
Fw: CVE-2017-9810, CVE-2017-9812 Signatures
From: Y M via Snort-sigs <snort-sigs () lists snort org>
Date: Mon, 31 Jul 2017 12:29:43 +0000
Hello,

Below two rules are also derived from the references within the signatures. No pcaps available.

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-OTHER Kaspersky Linux File Server WMC cross site request forgery attempt"; flow:to_client,established; file_data; content:"/cgi-bin/cgictl?action=setTaskSettings"; fast_pattern:only; content:"taskId="; nocase; content:"settings=|7B|"; nocase; metadata:service ftp-data, service http, service imap, service pop3; reference:cve,2017-9810; reference:url,www.coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities; classtype:attempted-admin; sid:110002; rev:1;)

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-OTHER Kaspersky Linux File Server WMC path traversal attempt"; flow:to_server,established; content:"/cgi-bin/cgictl?action=getReportStatus"; fast_pattern:only; content:"&reportId=../"; distance:0; http_uri; nocase; metadata:service ftp-data, service http, service imap, service pop3; reference:cve,2017-9812; reference:url,www.coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities; classtype:attempted-admin; sid:110003; rev:1;)

Thanks.
YM
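Since no pcaps are available, the content matches of the sid:110003 rule can be exercised against web server access logs instead. The following is an added example, not part of the original message or of any Snort ruleset. It assumes a Common Log Format style request field, and its bounded percent-decoding is an assumption meant to approximate URI normalization; the log lines are constructed.

```python
import re
from urllib.parse import unquote

# Literal strings taken from the sid:110003 rule, lowercased because the
# comparison below is case-insensitive (the rule's traversal match uses nocase).
ACTION = "/cgi-bin/cgictl?action=getreportstatus"
TRAVERSAL = "&reportid=../"

# Assumed log layout: the request appears as "METHOD URI HTTP/x.y".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(uri):
    """Percent-decode up to three times (covers double encoding) and lowercase."""
    for _ in range(3):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri.lower()

def matches_sid_110003(uri):
    """True when the action string is followed by a traversal reportId value."""
    u = normalize(uri)
    pos = u.find(ACTION)
    return pos != -1 and u.find(TRAVERSAL, pos + len(ACTION)) != -1

def scan(lines):
    """Return (line_number, raw_uri) for every log line whose URI matches."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and matches_sid_110003(m.group(1)):
            hits.append((number, m.group(1)))
    return hits

# Constructed sample log lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Jul/2017:12:00:01 +0000] "GET /cgi-bin/cgictl?action=getReportStatus&reportId=42 HTTP/1.1" 200 312',
    '192.0.2.77 - - [31/Jul/2017:12:00:05 +0000] "GET /cgi-bin/cgictl?action=getReportStatus&reportId=../../placeholder HTTP/1.1" 200 901',
    '192.0.2.77 - - [31/Jul/2017:12:00:09 +0000] "GET /cgi-bin/cgictl?action=getReportStatus&reportId=%2e%2e%2fplaceholder HTTP/1.1" 200 901',
    '192.0.2.10 - - [31/Jul/2017:12:00:12 +0000] "GET /cgi-bin/cgictl?action=otherAction&reportId=../placeholder HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, uri in scan(SAMPLE_LOG):
        print(f"line {number}: possible CVE-2017-9812 traversal: {uri}")
```
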
Current thread:
- Fw: CVE-2017-9810, CVE-2017-9812 Signatures Y M via Snort-sigs (Jul 31)
- Re: Fw: CVE-2017-9810, CVE-2017-9812 Signatures Tyler Montier (Jul 31)