iSID Analyst Knowledge Base

Definitions, and additional context on iSID alerts along with helpful recommendations

OS-OTHER Bash CGI environment variable injection attempt

These alerts are triggered when detecting an attempt to exploit the Bash Shellshock vulnerability via CGI scripts on a web server. The Bash Shellshock vulnerability is a severe security flaw in the Unix Bash shell that, when exploited, allows an attacker to execute arbitrary commands on a vulnerable system, potentially gaining unauthorized access or control.

OS-OTHER Bash CGI environment variable injection attempt

These alerts are triggered when detecting an attempt to exploit the Bash Shellshock vulnerability via CGI scripts on a web server. The Bash Shellshock vulnerability is a severe security flaw in the Unix Bash shell that, when exploited, allows an attacker to execute arbitrary commands on a vulnerable system, potentially gaining unauthorized access or control.

OS-OTHER Bash CGI environment variable injection attempt

These alerts are triggered when detecting an attempt to exploit the Bash Shellshock vulnerability via CGI scripts on a web server. The Bash Shellshock vulnerability is a severe security flaw in the Unix Bash shell that, when exploited, allows an attacker to execute arbitrary commands on a vulnerable system, potentially gaining unauthorized access or control.

OS-OTHER Bash CGI environment variable injection attempt

These alerts are triggered when detecting an attempt to exploit the Bash Shellshock vulnerability via CGI scripts on a web server. The Bash Shellshock vulnerability is a severe security flaw in the Unix Bash shell that, when exploited, allows an attacker to execute arbitrary commands on a vulnerable system, potentially gaining unauthorized access or control.

NF – SCAN Potential VNC Scan 5800-5820

This alert is triggered when detecting communication on ports 5800-5820 from an external source. Ports 5800-5820 are used by the virtual network computing service (VNC), which creates a screen-sharing system opening the network to remote communication. This alert may be triggered when an adversary is attempting to scan the network or gain initial access.