CVE-2017-7659 Exploitation Attempt

Aug 21, 2020 ·

Detects if the crash is due to Null Pointer Dereference

Sigma rule (View on GitHub)

 1title: CVE-2017-7659 Exploitation Attempt
 2id: 4ad53ed2-726a-46ad-83eb-58849d144dc4
 3status: experimental
 4description: Detects if the crash is due to Null Pointer Dereference
 5references:
 6  - http://wg135.github.io/blog/2017/07/18/cve-2017-7659-apache-vulnerability-reproduce/
 7author: Loginsoft Research Unit 
 8date: 2020/06/17
 9logsource:
10  product: apache
11  category: webserver
12detection:
13  selection:
14    cs-version: 'HTTP/1.0'
15    status: 408
16  condition: selection
17level: medium```

References

CVE-2017-7659 Apache Vulnerability Reproduce | Bob1Bob2

Apache released fix for CVE-2017-7659 last month. It is a mod_http2 Null Pointer Dereference vulnerability. Here is my analysis. First check the …

Read More

CVE-2017-7659 Exploitation Attempt

Sigma rule (View on GitHub)

References

CVE-2017-7659 Apache Vulnerability Reproduce | Bob1Bob2