ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Disposition) M1

7.0.35.0SID: 2024096Rev: 5Enabled3 views
Sourceet/open
Fileemerging-web_specific_apps.rules
CreatedMarch 20, 2017
UpdatedMarch 7, 2024
Classificationweb-application-attack
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Disposition) M1"; flow:established,to_server; http.header; content:"multipart/form-data"; nocase; http.request_body; content:"Content-Disposition|3a|"; nocase; content:"filename"; nocase; pcre:"/^[^\r\n]*filename\s*=\s*[^\x3b\x3a\r\n]*[\x25\x24]\s*\{[^\r\n]{20,}\}/mi"; reference:url,community.hpe.com/t5/Security-Research/Struts2-046-A-new-vector/ba-p/6949723#.WNF-_kcpDUJ; classtype:web-application-attack; sid:2024096; rev:5; metadata:affected_product Apache_Struts2, attack_target Web_Server, created_at 2017_03_20, deployment Datacenter, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2024_03_07;)

Metadata

affected productApache_Struts2
attack targetWeb_Server
created at2017_03_20
deploymentDatacenter
confidenceMedium
signature severityMajor
tagCISA_KEV
updated at2024_03_07

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!