<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;" dir="ltr">
<p><span style="font-size: 11pt; font-family: Calibri, Helvetica, sans-serif;">Hello,</span><br>
</p>
<div style="color: rgb(0, 0, 0);">
<div>
<div id="divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000; font-family:Calibri,Helvetica,sans-serif">
<p><br>
</p>
<p><span style="font-size:11pt">Below two rules are also derived from the references withing the signatures. No pcaps available.</span></p>
<p><br>
</p>
<p></p>
<div><span style="font-size:10pt; font-family:Consolas,Courier,monospace">alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-OTHER Kaspersky Linux File Server WMC cross site request forgery attempt"; flow:to_client,established; file_data; content:"/cgi-bin/cgictl?action=setTaskSettings";
 fast_pattern:only; content:"taskId="; nocase; content:"settings=|7B|"; nocase; metadata:service ftp-data, service http, service imap, service pop3; reference:cve,2017-9810; reference:url,www.coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities;
 classtype:attempted-admin; sid:110002; rev:1;)</span></div>
<div><br>
</div>
<div><span style="font-size:10pt; font-family:Consolas,Courier,monospace">alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-OTHER Kaspersky Linux File Server WMC path traversal attempt"; flow:to_server,established; content:"/cgi-bin/cgictl?action=getReportStatus";
 fast_pattern:only; content:"&reportId=../"; distance:0; http_uri; nocase; metadata:service ftp-data, service http, service imap, service pop3; reference:cve,2017-9812; reference:url,www.coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities;
 classtype:attempted-admin; sid:110003; rev:1;)</span></div>
<br>
<p></p>
<p><span style="font-size:11pt">Thanks.</span></p>
<p><span style="font-size:11pt">YM</span></p>
</div>
</div>
</div>
</div>
</body>
</html>