[Snort-sigs] Offer a new sig for detecting TrendMicro Interscan Web Security Virtual Appliance User-Agent ShellShock

rmkml rmkml at ...4129...
Sat Oct 22 18:53:17 EDT 2016


Hi,

The http://etplc.org open source project offer a new sig for detecting TrendMicro Interscan Web Security Virtual Appliance User-Agent ShellShock:

alert tcp $EXTERNAL_NET any -> $HOME_NET 1812 (msg:"WEB-MISC TrendMicro Interscan Web Security Virtual Appliance User-Agent ShellShock attempt";
flow:to_server,established; content:"User-Agent|3A 20 28 29 20 7b|"; nocase; content:"/cgiCmdNotify"; nocase; reference:cve,2014-6271;
reference:url,www.myhackerhouse.com/trendmicro-cve-2014-6271/; classtype:misc-attack; sid:1; rev:1;)

See reference for more information.

Don't forget check variables.

Please send any comments.

Regards
@Rmkml




More information about the Snort-sigs mailing list