ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12636)
Sourceet/open
Fileemerging-exploit.rules
CreatedMarch 13, 2018
UpdatedApril 29, 2024
Classificationattempted-admin
alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12636)"; flow:established,to_server,only_stream ; urilen:26; http.method; content:"PUT"; http.uri; content:"/_config/query_servers/cmd"; fast_pattern; http.header; header_lowercase; content:"authorization|3a 20|Basic"; http.request_body; pcre:"/^\s*[\x22\x27]/"; reference:cve,2017-12636 ; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/ ; classtype:attempted-admin; sid:2025432; rev:6; metadata:created_at 2018_03_13, cve CVE_2017_12636, deployment Datacenter, performance_impact Moderate, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_29;)
References
Metadata
created at2018_03_13
deploymentDatacenter
performance impactModerate
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_29
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!