ET WEB_SPECIFIC_APPS Kibana Attempted LFI Exploitation (CVE-2018-17246)
Sourceet/open
Fileemerging-web_specific_apps.rules
CreatedDecember 19, 2018
UpdatedApril 13, 2024
Classificationattempted-user
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Kibana Attempted LFI Exploitation (CVE-2018-17246)"; flow:established,to_server ; http.method; content:"GET"; http.uri; content:"/api/console/api_server?sense_version="; startswith; fast_pattern; content:"SENSE_VERSION&apis="; pcre:"/^(?:\.\.\/){2,}/R" ; reference:url,www.bleepingcomputer.com/news/security/file-inclusion-bug-in-kibana-console-for-elasticsearch-gets-exploit-code/ ; classtype:attempted-user; sid:2026739; rev:5; metadata:attack_target Web_Server, created_at 2018_12_19, cve CVE_2018_17246, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2024_04_13;)
References
Metadata
attack targetWeb_Server
created at2018_12_19
deploymentPerimeter
performance impactLow
signature severityMajor
updated at2024_04_13
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!