
List:       snort-sigs
Subject:    Re: [Snort-sigs] Magento CVE-2015-1397, CVE-2015-1398, CVE-2015-1399 Sig
From:       Matt Mickel <mmickel () sourcefire ! com>
Date:       2015-05-13 12:01:08
Message-ID: 55533D04.4030401 () sourcefire ! com

Hi, James-

This rule has been reviewed and added to the community ruleset (SID: 
34365).  Thanks for your contribution.  Best,

Matt Mickel

On 04/24/2015 02:16 PM, James Lay wrote:
> Pretty simple:
>
> alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP
> Vulnerable Magento Adminhtml Access"; flow:established,to_server;
> uricontent:"Adminhtml"; nocase; uricontent:!"|2f|admin|2f|"; nocase;
> reference:url,blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability;
> classtype:bad-unknown; sid:10000158; rev:1;)
>
> Can't imagine running something like this over http...I suspect this
> will fire on scanners trying to exploit this, which might be helpful to
> someone.  Standard disclaimer of "this rule may suck please fix it"
> applies.
>
> James
>
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!
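
An added example, not part of the original messages and not Snort code: a Python model of the two `uricontent` tests in the quoted rule, run over constructed request lines to show which URIs alert and which are excluded. `normalize_uri` is a simplified stand-in for Snort's URI normalization, the rule's flow and port conditions are not modelled, and every module and controller name in the samples is hypothetical.

```python
import re
from urllib.parse import unquote

# The two uricontent tests from the quoted rule; both carry "nocase".
REQUIRED = "adminhtml"   # uricontent:"Adminhtml"; nocase;
EXCLUDED = "/admin/"     # uricontent:!"|2f|admin|2f|"; nocase;  (|2f| is "/")

def normalize_uri(raw_uri):
    # Assumption: simplified stand-in for Snort's URI normalization
    # (percent-decode once, collapse repeated slashes).
    return re.sub(r"/{2,}", "/", unquote(raw_uri))

def rule_fires(raw_uri):
    # Alert only if the URI names an Adminhtml controller and does not
    # pass through the /admin/ route.
    uri = normalize_uri(raw_uri).lower()
    return REQUIRED in uri and EXCLUDED not in uri

def parse_request_line(line):
    # Return the request URI, or None for a malformed request line.
    parts = line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    return parts[1]

def evaluate(lines):
    # Map each well-formed request line to (uri, alert?).
    results = []
    for line in lines:
        uri = parse_request_line(line)
        if uri is not None:
            results.append((uri, rule_fires(uri)))
    return results

# Constructed sample traffic; module and controller names are hypothetical.
SAMPLE_REQUESTS = [
    "GET /catalog/product/view/id/1 HTTP/1.1",
    "GET /index.php/admin/dashboard/ HTTP/1.1",
    "GET /index.php/admin/Adminhtml_Example/ HTTP/1.1",
    "GET /index.php/examplemod/Adminhtml_Example/ HTTP/1.1",
    "POST /index.php/examplemod/adminhtml_example/ HTTP/1.1",
    "GET /index.php//examplemod/%41dminhtml_Example/ HTTP/1.1",
    "not-an-http-request-line",
]

if __name__ == "__main__":
    for uri, fired in evaluate(SAMPLE_REQUESTS):
        print(("ALERT " if fired else "pass  ") + uri)
```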

