CVE-2009-3898 Exploitation Attempt

Aug 21, 2020 ·

Detects the exploit attempt for Path Traversal Vulnerability

Sigma rule (View on GitHub)

 1title: CVE-2009-3898 Exploitation Attempt
 2id: cf98b0cf-0b0c-4af6-bd28-6cefabd58cf8
 3status: experimental
 4description: Detects the exploit attempt for Path Traversal Vulnerability
 5references:
 6  - https://www.exploit-db.com/exploits/9829
 7author: Loginsoft Research unit
 8date: 2020/05/27
 9logsource:
10  product: nginx
11  category: webserver
12detection:
13  selection:
14    sc-status: 204
15    cs-method: 
16      - 'COPY'
17      - 'MOVE'
18    c-uri: '*index.html'
19  keywords:
20    - 'client sent invalid "Destination" header'
21  condition: selection or keywords
22falsepositives:
23  - Unknown
24level: medium```

References

OffSec’s Exploit Database Archive

Nginx 0.7.61 - WebDAV Directory Traversal. CVE-2009-3898CVE-58328 . remote exploit for Multiple platform

Read More

CVE-2009-3898 Exploitation Attempt

Sigma rule (View on GitHub)

References

OffSec’s Exploit Database Archive