CVE-2017-7659 Exploitation Attempt
Detects if the crash is due to Null Pointer Dereference
Sigma rule (View on GitHub)
1title: CVE-2017-7659 Exploitation Attempt
2id: 4ad53ed2-726a-46ad-83eb-58849d144dc4
3status: experimental
4description: Detects if the crash is due to Null Pointer Dereference
5references:
6 - http://wg135.github.io/blog/2017/07/18/cve-2017-7659-apache-vulnerability-reproduce/
7author: Loginsoft Research Unit
8date: 2020/06/17
9logsource:
10 product: apache
11 category: webserver
12detection:
13 selection:
14 cs-version: 'HTTP/1.0'
15 status: 408
16 condition: selection
17level: medium```
References
-
Apache released fix for CVE-2017-7659 last month. It is a mod_http2 Null Pointer Dereference vulnerability. Here is my analysis. First check the …
Read More