alert http $EXTERNAL_NET any -> any any (msg:"ET EXPLOIT Possible Palo Alto SSL VPN sslmgr Format String Vulnerability (Inbound)"; flow:to_server,established; content:"POST"; http_method; content:"/sslmgr"; isdataat:!1,relative; nocase; http_uri; content:"scep-profile-name=%"; depth:19; http_client_body; fast_pattern; pcre:"/^[0-9]+/PR"; metadata: former_category EXPLOIT; reference:url,blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html; classtype:attempted-admin; sid:2027723; rev:2; metadata:attack_target Server, deployment Perimeter, signature_severity Major, created_at 2019_07_18, updated_at 2019_07_18;)

Added 2019-07-18 17:38:57 UTC


Topic revision: r1 - 2019-07-18 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats