iSID Analyst Knowledge Base

Definitions and additional context on iSID alerts, along with helpful recommendations

Category: Server-Webapp

(33 Alerts)

SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt

This Snort rule is crafted to detect attempts to exploit the directory traversal vulnerability in Cisco Security Manager's XmpFileDownloadServlet. If the specified patterns are detected in the HTTP URI, the rule triggers an alert.

SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt

This Snort rule is crafted to detect attempts to exploit the directory traversal vulnerability in Cisco Security Manager's XmpFileDownloadServlet. If the specified patterns are detected in the HTTP URI and body, the rule triggers an alert.

SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt

This Snort rule is crafted to detect attempts to exploit the directory traversal vulnerability in Cisco Security Manager's XmpFileDownloadServlet. If the specified patterns are detected in the HTTP URI and body, the rule triggers an alert.

SERVER-WEBAPP Cisco IOS HTTP server denial of service attempt

This rule detects attempts to exploit a denial-of-service (DoS) vulnerability in the Cisco IOS HTTP server. It looks for specific content patterns in the HTTP URI that may indicate a DoS attack against the server.

SERVER-WEBAPP JBoss web console access attempt

This alert is triggered when an attempt to access the web console of a JBoss application server is detected. The JBoss web console is a graphical user interface provided by JBoss Application Server for managing and monitoring the server and its applications. This alert may be triggered when an adversary is attempting to exploit known vulnerabilities in the JBoss web console, such as CVE-2007-1036 and CVE-2013-2185. These vulnerabilities can allow unauthorized remote code execution and administrative access.

SERVER-WEBAPP JBoss JMXInvokerServlet access attempt

This alert is triggered when an attempt to access the JMXInvokerServlet in the JBoss application server is detected. The JBoss JMXInvokerServlet is a component of JBoss Application Server that provides access to the JMX (Java Management Extensions) console, enabling users to manage and monitor resources in a Java Virtual Machine (JVM). This alert may be triggered when an adversary is attempting to exploit known vulnerabilities in the JBoss JMXInvokerServlet, such as CVE-2007-1036 and CVE-2013-2185. These vulnerabilities can allow unauthorized remote code execution and administrative access.

SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt

This alert is triggered when an attempt to exploit CVE-2013-6810, a directory traversal vulnerability in EMC Connectrix Manager, is detected. EMC Connectrix Manager is an application used to manage storage infrastructure. The rule looks for signs of an attacker specifying a file path that navigates outside of the intended directory, potentially aiming to overwrite system files or place malicious scripts on the server.

SERVER-WEBAPP Synology DiskStation Manager SLICEUPLOAD remote command execution attempt

This alert is triggered when an attempt to exploit CVE-2013-6955, a remote command execution vulnerability in Synology DiskStation Manager, is detected. Synology DiskStation Manager is the operating system used by Synology's NAS devices. The rule looks for signs of an attacker attempting to exploit the 'SLICEUPLOAD' feature by specifying the 'imageSelector.cgi' endpoint and a specific header, potentially aiming to execute malicious commands.

SERVER-WEBAPP Red Hat CloudForms agent controller filename directory traversal attempt

This alert is triggered when an attempt to exploit CVE-2013-2068, a directory traversal vulnerability in the Red Hat CloudForms agent controller, is detected. Red Hat CloudForms is a hybrid cloud management platform. The rule looks for signs of an attacker specifying a file path that navigates outside of the intended directory, potentially aiming to overwrite system files or place malicious scripts on the server.

SERVER-WEBAPP Red Hat CloudForms agent controller filename directory traversal attempt

This alert is triggered when an attempt to exploit CVE-2013-2068, a directory traversal vulnerability in the Red Hat CloudForms agent controller, is detected. Red Hat CloudForms is a hybrid cloud management platform. The rule looks for signs of an attacker specifying a file path that navigates outside of the intended directory, potentially aiming to overwrite system files or place malicious scripts on the server.