CVE-2010-2266 Exploitation Attempt

Aug 21, 2020 ·

Detects the exploit attempt for CVE-2010-2266

Sigma rule (View on GitHub)

 1title: CVE-2010-2266 Exploitation Attempt
 2id: 36bf4805-e595-43ef-833b-754e63edb5ab
 3status: experimental
 4description: Detects the exploit attempt for CVE-2010-2266
 5references:
 6  - https://www.exploit-db.com/exploits/13818
 7author: Loginsoft Research Unit
 8date: 2020/05/25
 9logsource:
10  product: nginx
11  category: webserver
12detection:
13    selection:
14      c-uri|contains:
15        - '/%c0./%20'
16      sc-status: 500
17    keywords:
18      - '1113: No mapping for the Unicode character exists in the target multi-byte code page'
19    condition: selection or keywords
20falsepositives:
21  - Unknown
22level: medium```

References

OffSec’s Exploit Database Archive

Nginx 0.8.36 - Source Disclosure / Denial of Service. CVE-2010-2266CVE-2010-2263CVE-65531CVE-65530 . remote exploit for Windows platform

Read More

CVE-2010-2266 Exploitation Attempt

Sigma rule (View on GitHub)

References

OffSec’s Exploit Database Archive