alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT HP Enterprise VAN SDN Controller Upload Backdoor 2"; flow:established,to_server; content:"/upload"; http_uri; isdataat:!1,relative; content:"X-Auth-Token|3a| AuroraSdnToken?"; http_header; fast_pattern; content:".deb|0d 0a|"; http_header; content:"|7f|ELF"; http_client_body; depth:4; metadata: former_category SCAN; reference:url,github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hp_van_sdn_cmd_inject.rb; classtype:attempted-admin; sid:2026030; rev:2; metadata:attack_target Client_Endpoint, deployment Datacenter, signature_severity Major, created_at 2018_08_24, updated_at 2018_08_24;)

Added 2018-09-13 19:55:08 UTC


Added 2018-09-13 18:02:26 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT HP Enterprise VAN SDN Controller Upload Backdoor 2"; flow:established,to_server; content:"/upload"; http_uri; isdataat:!1,relative; content:"X-Auth-Token|3a| AuroraSdnToken?"; http_header; fast_pattern; content:".deb|0d 0a|"; http_header; content:"|7f|ELF"; http_client_body; depth:4; metadata: former_category SCAN; reference:url,github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hp_van_sdn_cmd_inject.rb; classtype:attempted-admin; sid:2026030; rev:2; metadata:attack_target Client_Endpoint, deployment Datacenter, signature_severity Major, created_at 2018_08_24, updated_at 2018_08_24;)

Added 2018-08-24 17:18:08 UTC


Topic revision: r1 - 2018-09-13 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats