CVE-2009-4487 Exploitation Attempt

calendar Aug 21, 2020  ·
Share on: linkedin copy

Detects the exploit of Command-Injection Vulnerability

Sigma rule (View on GitHub)

 1title: CVE-2009-4487 Exploitation Attempt
 2id: a56b065e-1108-4cd0-9ed0-8bdabb851819
 3status: experimental
 4description: Detects the exploit of Command-Injection Vulnerability
 5references:
 6  - https://www.exploit-db.com/exploits/33490
 7author: Loginsoft Research Unit
 8date: 2020/05/27
 9logsource:
10  product: nginx
11  category: webserver
12detection:
13  selection:
14    sc-status: 404
15    c-uri-query|contains:
16      - '%1b%5d'
17      - '/\x1B]2'
18  condition: selection  
19falsepositives:
20  – Unknown
21level: low ```

References

to-top