alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"[APACHE] Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 23"; content:"|28|%29%20%7b|20|"; program: apache|httpd; flowbits: set, exploit_attempt, 86400; parse_src_ip: 1; fwsam: src, 1 day; reference:url,blogs.akamai.com/2014/09/environment-bashing.html; classtype:attempted-admin; sid:5002202; rev:2;)
-- Main.Sagan-Wiki-Add - 2015-10-21 New revisions of 5002202 will be below...
alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[APACHE] Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 23"; content:"|28|%29%20%7b|20|"; program: apache|httpd; xbits: set, exploit_attempt ,track ip_src, expire 86400; parse_src_ip: 1; reference:url,blogs.akamai.com/2014/09/environment-bashing.html; default_proto:tcp; default_dst_port: $HTTP_PORT; classtype:attempted-admin; sid:5002202; rev:6;)
-- Main.Sagan-Wiki-Add - 2021-4-12
Edit | Attach | Topic revision: r1 - 2015-10-21 - Sagan-Wiki-Add
Site map
Main web
Users
Groups
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
Copyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback