CVE-2017-12617 Exploitation Attempt
Detects Remote Code Execution(JSP Upload Bypass) attack
Sigma rule (View on GitHub)
1title: CVE-2017-12617 Exploitation Attempt
2id: 50964aaf-2ddf-423b-87bc-5405d03103e6
3status: experimental
4description: Detects Remote Code Execution(JSP Upload Bypass) attack
5references:
6 - https://www.exploit-db.com/exploits/42966
7author: Loginsoft Research Unit
8date: 2020/07/13
9logsource:
10 product: apache
11 category: webserver
12detection:
13 selection:
14 c-uri: '/*.jsp/'
15 cs-method: 'PUT'
16 sc-status:
17 - 201
18 - 403
19 condition: selection
20level: medium```
References
-
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (2). CVE-2017-12617 . webapps exploit for JSP platform
Read More