alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible CVE-2020-8518 (Horde Groupware RCE)"; flow:established,to_server; content:"POST"; http_method; content:"data.php"; isdataat:!1,relative; http_uri; nocase; content:"|22 3b 20|filename=|22|"; http_client_body; content:"|2e|passthru|28|"; http_client_body; content:"|2e|die|28 29 3b|"; distance:0; http_client_body; http_header_names; content:"horde_secret_key|0d 0a|"; nocase; fast_pattern; reference:url,https://cardaci.xyz/advisories/2020/03/10/horde-groupware-webmail-edition-5.2.22-rce-in-csv-data-import/; reference:cve,2020-8518; classtype:attempted-admin; sid:2029636; rev:2; metadata:attack_target Web_Server, created_at 2020_03_13, cve 2020_8518, deployment Perimeter, former_category WEB_SPECIFIC_APPS, performance_impact Low, signature_severity Major, updated_at 2020_11_11;)

Added 2020-11-12 18:23:19 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible CVE-2020-8518 (Horde Groupware RCE)"; flow:established,to_server; content:"POST"; http_method; content:"data.php"; isdataat:!1,relative; http_uri; nocase; content:"|22 3b 20|filename=|22|"; http_client_body; content:"|2e|passthru|28|"; http_client_body; content:"|2e|die|28 29 3b|"; distance:0; http_client_body; http_header_names; content:"horde_secret_key|0d 0a|"; nocase; fast_pattern; reference:url,https://cardaci.xyz/advisories/2020/03/10/horde-groupware-webmail-edition-5.2.22-rce-in-csv-data-import/; reference:cve,2020-8518; classtype:attempted-admin; sid:2029636; rev:2; metadata:attack_target Web_Server, created_at 2020_03_13, cve 2020_8518, deployment Perimeter, former_category WEB_SPECIFIC_APPS, performance_impact Low, signature_severity Major, updated_at 2020_11_07;)

Added 2020-11-09 19:10:17 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible CVE-2020-8518 (Horde Groupware RCE)"; flow:established,to_server; content:"POST"; http_method; content:"data.php"; isdataat:!1,relative; http_uri; nocase; content:"|22 3b 20|filename=|22|"; http_client_body; content:"|2e|passthru|28|"; http_client_body; content:"|2e|die|28 29 3b|"; distance:0; http_client_body; http_header_names; content:"horde_secret_key|0d 0a|"; nocase; fast_pattern; reference:url,https://cardaci.xyz/advisories/2020/03/10/horde-groupware-webmail-edition-5.2.22-rce-in-csv-data-import/; reference:cve,2020-8518; classtype:attempted-admin; sid:2029636; rev:2; metadata:attack_target Web_Server, created_at 2020_03_13, cve 2020_8518, deployment Perimeter, former_category WEB_SPECIFIC_APPS, performance_impact Low, signature_severity Major, updated_at 2020_03_13;)

Added 2020-08-05 19:17:44 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible CVE-2020-8518 (Horde Groupware RCE)"; flow:established,to_server; content:"POST"; http_method; content:"data.php"; isdataat:!1,relative; http_uri; nocase; content:"|22 3b 20|filename=|22|"; http_client_body; content:"|2e|passthru|28|"; http_client_body; content:"|2e|die|28 29 3b|"; distance:0; http_client_body; http_header_names; content:"horde_secret_key|0d 0a|"; nocase; fast_pattern; metadata: former_category WEB_SPECIFIC_APPS; reference:url,https://cardaci.xyz/advisories/2020/03/10/horde-groupware-webmail-edition-5.2.22-rce-in-csv-data-import/; reference:cve,2020-8518; classtype:attempted-admin; sid:2029636; rev:2; metadata:attack_target Web_Server, deployment Perimeter, cve 2020_8518, signature_severity Major, created_at 2020_03_13, performance_impact Low, updated_at 2020_03_13;)

Added 2020-03-13 18:26:11 UTC


Topic revision: r1 - 2020-11-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats