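# Snort rules: Apache Struts OGNL injection attempts (CVE-2018-11776).
#
# Rules 1-6 share one shape: a case-insensitive literal match on a Java
# package prefix (|2e| is the '.' byte), followed by a PCRE that is relative
# to the end of that match (R flag) and anchored there with ^, so the class
# or sub-package name must follow the prefix immediately.
#
# Before loading:
#   * sid:x / rev:x are placeholders. Give every rule a unique numeric sid
#     (1000000 and above is the range reserved for local rules) and a
#     numeric rev.
#   * String options must use plain ASCII double quotes; typographic quotes
#     and an unbalanced quote on a pcre option make the rule fail to parse.
#
# Tuning notes:
#   * Scope is any source -> $HOME_NET on any port, on established
#     client-to-server TCP. The class names also occur in benign traffic
#     (for example Java stack traces or logs shipped over TCP), so baseline
#     these rules and consider narrowing the destination to $HTTP_PORTS.
#   * rawbytes makes the content match run on the packet payload as it
#     appears on the wire, without preprocessor decoding. Coverage is
#     therefore limited to the literal spelling in each rule; pair these
#     with rules on normalized HTTP buffers if encoded requests matter.

# 1. "ognl." followed by an OGNL core class name.
alert tcp any any -> $HOME_NET any (msg:"CVE-2018-11776 Struts ognl"; flow:established, to_server; content:"ognl|2e|"; rawbytes; nocase; pcre: "/(?:^(OgnlContext|ClassResolver|TypeConverter|MemberAccess)[A-Za-z\.]+)/iR"; sid:x; rev:x;)

# 2. "com.opensymphony.xwork2." followed by one of the listed XWork names.
alert tcp any any -> $HOME_NET any (msg:"CVE-2018-11776 Struts opensymphony"; flow:established, to_server; content:"com|2e|opensymphony|2e|xwork2|2e|"; rawbytes; nocase; pcre: "/(?:^((ognl\.SecurityMemberAccess)|(ActionContext|UnixProcess))[A-Za-z\.]+)/iR"; sid:x; rev:x;)

# 3. "freemarker." followed by core / template / ext.rhino / ext.beans.
alert tcp any any -> $HOME_NET any (msg:"CVE-2018-11776 Struts freemarker"; flow:established, to_server; content:"freemarker|2e|"; rawbytes; nocase; pcre: "/(?:^(core|template|ext\.(rhino|beans))\.[A-Za-z\.]+)/iR"; sid:x; rev:x;)

# 4. "sun." followed by misc or reflect. The 4-byte prefix is short; expect
#    this rule to be the most sensitive to unrelated traffic.
alert tcp any any -> $HOME_NET any (msg:"CVE-2018-11776 Struts sun"; flow:established, to_server; content:"sun|2e|"; rawbytes; nocase; pcre: "/(?:^(misc|reflect)\.[A-Za-z\.]+)/iR"; sid:x; rev:x;)

# 5. "javassist." followed by any run of letters or dots (no specific class).
alert tcp any any -> $HOME_NET any (msg:"CVE-2018-11776 Struts javassist"; flow:established, to_server; content:"javassist|2e|"; rawbytes; nocase; pcre: "/(?:^[A-Za-z\.]+)/iR"; sid:x; rev:x;)

# 6. "java.lang." followed by one of the listed class names.
alert tcp any any -> $HOME_NET any (msg:"CVE-2018-11776 Struts java.lang"; flow:established, to_server; content:"java|2e|lang|2e|"; rawbytes; nocase; pcre: "/(?:^(Object|Runtime|System|Class|ClassLoader|Shutdown|ProcessBuilder)[A-Za-z\.]+)/iR"; sid:x; rev:x;)

# 7. Generic marker rule. The content is the byte 0x25 ('%'), the literal
#    text "7b", then the byte 0x28 ('('), i.e. the four bytes "%7b(".
#    fast_pattern:only hands the content to the fast pattern matcher alone,
#    which compares case-insensitively. With no PCRE and no port restriction
#    this is the broadest rule in the set.
#    NOTE(review): CVE-2018-11776 is published by Apache as S2-057; confirm
#    the bulletin IDs named in msg ("S2-045", "S2-053k") are the intended ones.
#    NOTE(review): confirm the deployed Snort version accepts rawbytes
#    together with fast_pattern:only on the same content.
alert tcp any any -> $HOME_NET any (msg:"CVE-2018-11776 OGNL execution in URI via S2-045 and S2-053k detection"; flow:established, to_server; content:"|25|7b|28|"; rawbytes; fast_pattern:only; sid:x; rev:x;)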