CVE-2019-6339 Exploitation Attempt

Aug 21, 2020 ·

Detecting the attempt of Remote Code Execution (RCE) in Drupal

Sigma rule (View on GitHub)

 1title: CVE-2019-6339 Exploitation Attempt
 2id: 30371ee6-7f96-42c7-91b4-0227551eba12
 3status: experimental
 4description: Detecting the attempt of Remote Code Execution (RCE) in Drupal 
 5references:
 6    - https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2019-6339
 7author: Loginsoft Research Unit 
 8date: 2020/08/18
 9logsource:
10    product: drupal
11    category: application
12detection:
13    selection:
14      - 'Unexpected file extension in "phar:* at /var/www/html/core/lib/Drupal/Core/Security/PharExtensionInterceptor.php'
15    condition: selection
16falsepositives:
17  - Unknown
18level: critical```

References

vulhub/drupal/CVE-2019-6339 at master · vulhub/vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose - vulhub/vulhub

Read More

CVE-2019-6339 Exploitation Attempt

Sigma rule (View on GitHub)

References

vulhub/drupal/CVE-2019-6339 at master · vulhub/vulhub