iSID Analyst Knowledge Base

Definitions, and additional context on iSID alerts along with helpful recommendations

Category: Server-Apache

( 13 Alerts)

SERVER-APACHE Apache Struts remote code execution attempt

This Snort rule is specifically crafted to detect attempts to exploit the Apache Struts remote code execution vulnerability. It looks for specific patterns in the HTTP payload, indicating an attempt to exploit this known vulnerability. If the patterns are detected in the payload of an established TCP connection on standard HTTP ports, the rule triggers an alert.

SERVER-APACHE Apache Struts remote code execution attempt

This Snort rule is specifically crafted to detect attempts to exploit the Apache Struts remote code execution vulnerability. It looks for specific patterns in the HTTP payload, indicating an attempt to exploit this known vulnerability. If the patterns are detected in the payload of an established TCP connection on standard HTTP ports, the rule triggers an alert.

SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt

These alerts are triggered when detecting the injection of malicious Object-Graph Navigation Language (OGNL) expressions in an HTTP request. OGNL is an expression language used by the Apache Struts framework. These alerts are triggered when an adversary is attempting to gain unauthorized access or execute malicious commands on the server by exploiting the following vulnerabilities CVE-2018-11776, CVE-2013-2134, and CVE-2013-2135.