[Snort-sigs] CVE-2018-3813 signature

Y M snort at outlook.com
Thu Jan 4 13:15:00 EST 2018


Hi,


The below signature attempts at detecting unauthenticated disclosure of credentials since there is no authentication to begin with. No pcaps available.


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP FLIR Breakstream 2300 unauthenticated information disclosure attempt"; flow:to_server,established; content:"GET"; http_method; content:"/getConfigExportFile.cgi"; fast_pattern:only; http_uri; metadata:ruleset community, service http; reference:cve-2018-3813; reference:url,misteralfa-hack.blogspot.com/2018/01/brickstream-recuento-y-seguimiento-de.html; classtype:attempted-user; sid:9000009; rev:1;)


Thank.

YM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20180104/2e23a3f6/attachment-0001.html>


More information about the Snort-sigs mailing list