CVE-2016-6816 Exploitation Attempt

Detects attempts to exploit improper input validation (CVE-2016-6816).

Sigma rule

```yaml
title: CVE-2016-6816 Exploitation Attempt
id: 68c5488f-b5a0-43fc-ab35-c4f05c75181b
status: experimental
description: Detecting the attempt of Improper Input Validation
references:
    - https://www.exploit-db.com/exploits/41783
author: Loginsoft Research Unit
date: 2020/07/06
logsource:
    product: Tomcat
    category: webserver
detection:
    selection:
        c-uri-query|contains:
            - '{'
            - '}'
            - '|'
            - '`'
            - '^'
            - '\\'
            - '<'
            - '>'
            - '#'
            - '\"'
        sc-status:
            - 200
    condition: selection
falsepositives:
  - Unknown
level: medium
```
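The rule's selection logic applied to access log lines, as an added example that is not part of the original rule or the author's tooling. It assumes a common-log-format access log (the regular expression, the `parse_line`, `matches_rule` and `scan` helpers and the sample lines are constructed for illustration) and reads the `'\\'` and `'\"'` entries as a literal backslash and a literal double quote.

```python
import re

# Characters from the rule's c-uri-query|contains list. Assumption: the
# '\\' and '\"' entries are read as a literal backslash and double quote.
SUSPICIOUS_CHARS = ('{', '}', '|', '`', '^', '\\', '<', '>', '#', '"')

# Assumed log layout (common log format); adjust to your access log pattern.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

def parse_line(line):
    """Map one access log line to the field names the rule uses."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    # Only the part after '?' is the query; the path is not inspected.
    _path, _sep, query = m.group('target').partition('?')
    return {'c-ip': m.group('client'),
            'c-uri-query': query,
            'sc-status': m.group('status')}

def matches_rule(event):
    """selection: any listed character in the query AND sc-status 200."""
    query = event.get('c-uri-query') or ''
    has_char = any(ch in query for ch in SUSPICIOUS_CHARS)
    return has_char and str(event.get('sc-status')) == '200'

def scan(lines):
    """Return parsed events that satisfy the rule's condition."""
    events = (parse_line(line) for line in lines)
    return [e for e in events if e is not None and matches_rule(e)]

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jul/2020:10:00:01 +0000] "GET /app/search?q=tomcat HTTP/1.1" 200 512',
    '192.0.2.11 - - [06/Jul/2020:10:00:02 +0000] "GET /app/search?q={test} HTTP/1.1" 200 512',
    '192.0.2.11 - - [06/Jul/2020:10:00:03 +0000] "GET /app/search?q=a|b HTTP/1.1" 400 0',
    '192.0.2.12 - - [06/Jul/2020:10:00:04 +0000] "GET /app/{x}/page?id=1 HTTP/1.1" 200 128',
    '192.0.2.13 - - [06/Jul/2020:10:00:05 +0000] "GET /app/search?q=%7Btest%7D HTTP/1.1" 200 512',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Only the second sample line matches: the others fail on status code, carry the character in the path instead of the query, or carry it percent-encoded, which are the coverage limits to keep in mind when tuning the rule.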
