[Snort-sigs] Magento CVE-2015-1397, CVE-2015-1398, CVE-2015-1399 Sig

Matt Mickel mmickel at ...435...
Wed May 13 08:01:08 EDT 2015


Hi, James-

This rule has been reviewed and added to the community ruleset (SID: 
34365).  Thanks for your contribution.  Best,

Matt Mickel

On 04/24/2015 02:16 PM, James Lay wrote:
> Pretty simple:
>
> alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP
> Vulnerable Magento Adminhtml Access"; flow:established,to_server;
> uricontent:"Adminhtml"; nocase; uricontent:!"|2f|admin|2f|"; nocase;
> reference:url,blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability;
> classtype:bad-unknown; sid:10000158; rev:1;)
>
> Can't imagine running something like this over http...I suspect this
> will fire on scanners trying to exploit this, which might be helpful to
> someone.  Standard disclaimer of "this rule may suck please fix it"
> applies.
>
> James
>
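
The match logic of the rule quoted above, as an added example that is not part of the original thread: a Python sketch for checking which request URIs (for instance, from web server logs) would satisfy both uricontent conditions. `normalize_uri` is a simplified stand-in for the sensor's URI normalization (an assumption), and the sample URIs are constructed.

```python
from urllib.parse import unquote

# Contents taken from the rule quoted above.
MUST_CONTAIN = "Adminhtml"      # uricontent:"Adminhtml"; nocase;
MUST_NOT_CONTAIN = "/admin/"    # uricontent:!"|2f|admin|2f|"; nocase;


def normalize_uri(raw_uri: str) -> str:
    """Simplified stand-in for the sensor's URI normalization (assumption):
    percent-decode once and collapse repeated slashes."""
    decoded = unquote(raw_uri)
    while "//" in decoded:
        decoded = decoded.replace("//", "/")
    return decoded


def rule_fires(raw_uri: str) -> bool:
    """True when both uricontent conditions of the rule hold for this URI."""
    uri = normalize_uri(raw_uri).lower()   # nocase applies to both contents
    return MUST_CONTAIN.lower() in uri and MUST_NOT_CONTAIN.lower() not in uri


def triage(uris):
    """Return {uri: fired} for a batch of request URIs, e.g. from web logs."""
    return {u: rule_fires(u) for u in uris}


# Constructed sample URIs, not taken from real traffic or from the advisory.
SAMPLE_URIS = [
    "/index.php/Adminhtml_dashboard/index/",    # Adminhtml, no /admin/
    "/index.php/%41dminhtml_dashboard/index/",  # same after percent-decoding
    "/index.php/admin/Adminhtml_dashboard/",    # excluded by the negated content
    "/index.php/ADMIN/Adminhtml_dashboard/",    # nocase also applies to the negation
    "/catalog/product/view/id/1",               # ordinary storefront request
]

if __name__ == "__main__":
    for uri, fired in triage(SAMPLE_URIS).items():
        print(f"{'ALERT' if fired else 'pass ':5}  {uri}")
```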




