alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB? JSON Remote Privesc Attempt (CVE-2017-12636)"; flow: established,to_server,only_stream; urilen:26; content:"PUT"; http_method; content:"/_config/query_servers/cmd"; http_uri; pcre:"/^\s*[\x22\x27]/P"; content:"Authorization|3a 20|Basic"; http_header; reference:cve,2017-12636; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025432; rev:3; metadata:created_at 2018_03_13, deployment Datacenter, former_category EXPLOIT, performance_impact Moderate, signature_severity Major, updated_at 2020_11_05;)

Added 2020-11-05 18:35:58 UTC


alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB? JSON Remote Privesc Attempt (CVE-2017-12636)"; flow: established,to_server,only_stream; urilen:26; content:"PUT"; http_method; content:"/_config/query_servers/cmd"; http_uri; pcre:"/^\s*[\x22\x27]/P"; content:"Authorization|3a 20|Basic"; http_header; reference:cve,2017-12636; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025432; rev:3; metadata:created_at 2018_03_13, deployment Datacenter, former_category EXPLOIT, performance_impact Moderate, signature_severity Major, updated_at 2020_03_04;)

Added 2020-08-05 19:14:33 UTC


alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB? JSON Remote Privesc Attempt (CVE-2017-12636)"; flow: established,to_server,only_stream; urilen:26; content:"PUT"; http_method; content:"/_config/query_servers/cmd"; http_uri; pcre:"/^\s*[\x22\x27]/P"; content:"Authorization|3a 20|Basic"; http_header; metadata: former_category EXPLOIT; reference:cve,2017-12636; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025432; rev:3; metadata:deployment Datacenter, signature_severity Major, created_at 2018_03_13, performance_impact Moderate, updated_at 2020_03_04;)

Added 2020-03-04 19:16:55 UTC


alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB? JSON Remote Privesc Attempt (CVE-2017-12636)"; flow: established,to_server,only_stream; content:"PUT"; http_method; content:"/_config/query_servers/cmd"; urilen:26; pcre:"/^\s*[\x22\x27]/P"; content:"Authorization|3a 20|Basic"; http_header; metadata: former_category EXPLOIT; reference:cve,2017-12636; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025432; rev:2; metadata:deployment Datacenter, signature_severity Major, created_at 2018_03_13, performance_impact Moderate, updated_at 2018_03_13;)

Added 2018-09-13 19:54:35 UTC


Added 2018-09-13 18:02:05 UTC


alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB? JSON Remote Privesc Attempt (CVE-2017-12636)"; flow: established,to_server,only_stream; content:"PUT"; http_method; content:"/_config/query_servers/cmd"; urilen:26; pcre:"/^\s*[\x22\x27]/P"; content:"Authorization|3a 20|Basic"; http_header; metadata: former_category EXPLOIT; reference:cve,2017-12636; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025432; rev:2; metadata:deployment Datacenter, signature_severity Major, created_at 2018_03_13, performance_impact Moderate, updated_at 2018_03_13;)

Added 2018-03-13 17:08:43 UTC


Topic revision: r1 - 2020-11-05 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats