#alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Ruby on Rails RCE Attempt Inbound (CVE-2013-0333)"; flow:established,to_server; pcre:"/^Content-Type\x3a[^\r\n]*(?:application\/json(?:request)?|text\/x-json)/Hmi"; content:"!ruby/"; http_client_body; nocase; content:"NamedRouteCollection"; http_client_body; nocase; reference:url,gist.github.com/4660248; classtype:web-application-activity; sid:2016305; rev:9; metadata:created_at 2013_01_30, former_category WEB_SERVER, updated_at 2022_05_03;)

Added 2022-07-13 18:02:22 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Ruby on Rails CVE-2013-0333 Attempt"; flow:established,to_server; pcre:"/^Content-Type\x3a[^\r\n]*(?:application\/json(?:request)?|text\/x-json)/Hmi"; content:"!ruby/"; http_client_body; nocase; content:"NamedRouteCollection"; http_client_body; nocase; reference:url,gist.github.com/4660248; classtype:web-application-activity; sid:2016305; rev:8; metadata:created_at 2013_01_30, updated_at 2022_05_03;)

Added 2022-05-03 18:06:36 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Ruby on Rails CVE-2013-0333 Attempt"; flow:established,to_server; pcre:"/^Content-Type\x3a[^\r\n]*(?:application\/json(?:request)?|text\/x-json)/Hmi"; content:"!ruby/"; http_client_body; nocase; content:"NamedRouteCollection"; http_client_body; nocase; reference:url,gist.github.com/4660248; classtype:web-application-activity; sid:2016305; rev:7; metadata:created_at 2013_01_30, updated_at 2020_05_08;)

Added 2021-09-21 19:58:27 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Ruby on Rails CVE-2013-0333 Attempt"; flow:established,to_server; pcre:"/^Content-Type\x3a[^\r\n]*(?:application\/json(?:request)?|text\/x-json)/Hmi"; content:"!ruby/"; http_client_body; nocase; content:"NamedRouteCollection"; http_client_body; nocase; reference:url,gist.github.com/4660248; classtype:web-application-activity; sid:2016305; rev:7; metadata:created_at 2013_01_29, updated_at 2020_05_08;)

Added 2020-05-08 17:41:13 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Ruby on Rails CVE-2013-0333 Attempt"; flow:established,to_server; pcre:"/^Content-Type\x3a[^\r\n]*(?:application\/json(?:request)?|text\/x-json)/Hmi"; content:"!ruby/"; http_client_body; nocase; content:"NamedRouteCollection"; http_client_body; nocase; reference:url,gist.github.com/4660248; classtype:web-application-activity; sid:2016305; rev:7; metadata:created_at 2013_01_29, updated_at 2013_01_29;)

Added 2018-09-13 19:46:16 UTC


Added 2018-09-13 17:57:16 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Ruby on Rails CVE-2013-0333 Attempt"; flow:established,to_server; pcre:"/^Content-Type\x3a[^\r\n]*(?:application\/json(?:request)?|text\/x-json)/Hmi"; content:"!ruby/"; http_client_body; nocase; content:"NamedRouteCollection"; http_client_body; nocase; reference:url,gist.github.com/4660248; classtype:web-application-activity; sid:2016305; rev:7; metadata:created_at 2013_01_29, updated_at 2013_01_29;)

Added 2017-08-07 21:10:00 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Ruby on Rails CVE-2013-0333 Attempt"; flow:established,to_server; pcre:"/^Content-Type\x3a[^\r\n]*(?:application\/json(?:request)?|text\/x-json)/Hmi"; content:"!ruby/"; http_client_body; nocase; content:"NamedRouteCollection"; http_client_body; nocase; reference:url,gist.github.com/4660248; classtype:web-application-activity; sid:2016305; rev:7;)

Added 2014-09-19 17:22:45 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET CURRENT_EVENTS Ruby on Rails CVE-2013-0333 Attempt"; flow:established,to_server; content:"|0d 0a|Content-Type|3a|"; nocase; pcre:"/^[^\r\n]*(?:application\/json(?:request)?|text\/x-json)/Ri"; content:"!ruby/"; nocase; distance:0; content:"NamedRouteCollection"; nocase; distance:0; reference:url,gist.github.com/4660248; classtype:web-application-activity; sid:2016305; rev:5;)

Added 2013-01-29 23:10:05 UTC


Topic revision: r1 - 2022-07-13 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats