alert http any any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible PHP Remote Code Execution CVE-2019-11043 PoC? (Inbound)"; flow:established,to_server; content:"|25|OA"; http_uri; nocase; content:"=/bin/sh+-c+'"; http_uri; nocase; distance:0; fast_pattern; metadata: former_category WEB_SERVER; reference:url,; reference:url,; reference:cve,2019-11043; classtype:web-application-attack; sid:2028895; rev:2; metadata:affected_product PHP, attack_target Web_Server, deployment Perimeter, signature_severity Major, created_at 2019_10_23, updated_at 2019_10_23;)

Added 2019-10-23 19:39:27 UTC

This topic: Main > 2028895
Topic revision: r1 - 2019-10-23 - TWikiGuest
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats