[Snort-sigs] New Community sig for detecting Oracle WebCenter header injection

Joel Esler jesler at ...435...
Thu Apr 18 12:39:21 EDT 2013


Rmkml,

We actually have rules for this written already and in testing, so what we'll do is move them from our VRT set into the community set.

Joel

On Apr 18, 2013, at 11:26 AM, Joel Esler <jesler at ...435...> wrote:

> Thanks!  We'll take a look!
> 
> On Apr 17, 2013, at 4:15 PM, rmkml <rmkml at ...174...> wrote:
> 
>> Hi,
>> 
>> Please find a new sig offered to the community for detecting Oracle WebCenter header injection:
>> 
>> alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (
>> msg:"WEB-MISC Oracle WebCenter (FatWire) header injection on blobheadername2 and blobheadervalue2 attempt";
>> flow:to_server,established; content:"blobheadername2="; nocase; http_uri; content:"blobheadervalue2=";
>> nocase; http_uri; pcre:"/[\?\&]blobheadervalue2\=[^\&]*?[\x00-\x25\x27-\x2f\x3a-\x40\x5b-\x60\x7b-\xff]/Ui";
>> reference:cve,2013-1509; reference:url,www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html; classtype:web-application-attack; sid:1; rev:1;)
>> 
>> Don't forget to adjust snort variables.
>> 
>> Please post any comments.
>> 
>> Happy Detect
>> Rmkml
>> 
>> http://twitter.com/rmkml
>> 
> 
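Added example, not part of the thread and not code from Snort or the VRT rule set: a Python approximation of the proposed rule's `content` and `pcre` options, run over constructed request URIs to show which `blobheadervalue2` values it fires on. It assumes percent-decoding stands in for Snort's URI normalization (`http_uri` and the pcre `U` flag); the `/example` path, parameter values and function names are made up for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Both content: options from the rule (nocase; http_uri).
CONTENTS = (b"blobheadername2=", b"blobheadervalue2=")

# The rule's pcre, transcribed as-is. /i -> re.IGNORECASE; /U is approximated
# by matching against the percent-decoded URI (assumption, see lead-in).
PCRE = re.compile(
    rb"[\?\&]blobheadervalue2\=[^\&]*?"
    rb"[\x00-\x25\x27-\x2f\x3a-\x40\x5b-\x60\x7b-\xff]",
    re.IGNORECASE,
)


def rule_matches(raw_uri: str) -> bool:
    """Return True if the rule's content and pcre options would all match."""
    uri = unquote_to_bytes(raw_uri)
    lowered = uri.lower()
    if not all(c in lowered for c in CONTENTS):
        return False
    return PCRE.search(uri) is not None


# Constructed sample URIs (hypothetical path and values).
SAMPLES = {
    "alnum value": "/example?blobheadername2=X-Test&blobheadervalue2=abc123",
    "encoded CRLF": "/example?blobheadername2=X-Test&blobheadervalue2=a%0d%0aX-Test2:1",
    "slash in value": "/example?blobheadername2=Content-Type&blobheadervalue2=text/html",
    "mixed case": "/example?BlobHeaderName2=X-Test&BLOBHEADERVALUE2=a-b",
    "value only": "/example?blobheadervalue2=a%0d%0ab",
    "other param dirty": "/example?blobheadername2=X-Test&blobheadervalue2=abc&next=a/b",
}


def evaluate(samples=SAMPLES):
    """Map each sample name to whether the emulated rule would alert."""
    return {name: rule_matches(uri) for name, uri in samples.items()}


if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{'ALERT' if hit else 'pass '}  {name}")
```

The character class in the pcre covers every byte except ASCII letters, digits and `&`, so the emulation alerts on a value such as `text/html` as well as on an encoded CR/LF, which is worth checking against legitimate traffic before deploying the rule.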




