ET EXPLOIT Possible NGINX Reference LDAP Query Injection Attack

7.0.35.0SID: 2035897Rev: 4Enabled1 views
Sourceet/open
Fileemerging-exploit.rules
CreatedApril 12, 2022
UpdatedApril 28, 2024
Classificationattempted-admin
alert http $EXTERNAL_NET any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Possible NGINX Reference LDAP Query Injection Attack"; flow:established,to_server; http.request_header; header_lowercase; content:"x-ldap-template|3a 20|"; fast_pattern; startswith; content:"|28 7c|"; within:5; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; reference:url,github.com/nginxinc/nginx-ldap-auth/issues/93; classtype:attempted-admin; sid:2035897; rev:4; metadata:attack_target Web_Server, created_at 2022_04_12, deployment Perimeter, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_28, reviewed_at 2023_09_01;)

Metadata

attack targetWeb_Server
created at2022_04_12
deploymentPerimeter
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_28
reviewed at2023_09_01

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!