iSID Analyst Knowledge Base

Definitions, and additional context on iSID alerts along with helpful recommendations

SERVER-APACHE Apache Struts remote code execution attempt

This Snort rule is specifically crafted to detect attempts to exploit specific patterns associated with Apache Struts remote code execution vulnerabilities. It looks for these patterns in the HTTP request body of an established TCP connection on standard HTTP ports. If the patterns are detected, the rule triggers an alert.

Cyber Attack
Server-Apache

SERVER-APACHE Apache Struts remote code execution attempt

This Snort rule is specifically crafted to detect attempts to exploit multiple Apache Struts remote code execution vulnerabilities. It looks for specific patterns in the HTTP request body, indicating an attempt to exploit these known vulnerabilities. If the patterns are detected in the HTTP request body of an established TCP connection on standard HTTP ports, the rule triggers an alert.

Cyber Attack
Server-Apache

SERVER-APACHE Apache Struts remote code execution attempt

This Snort rule is specifically crafted to detect attempts to exploit the Apache Struts remote code execution vulnerability. It looks for specific patterns in the HTTP payload, indicating an attempt to exploit this known vulnerability. If the patterns are detected in the payload of an established TCP connection on standard HTTP ports, the rule triggers an alert.

Cyber Attack
Server-Apache

SERVER-APACHE Apache Struts remote code execution attempt

Cyber Attack
Server-Apache

NF – VNC server response

this Snort rule is designed to detect VNC server responses in TCP traffic from external networks to the internal network on any port. If the specified patterns are found within the payload of an established TCP connection, the rule triggers an alert. The rule is crafted to identify VNC server responses based on specific content patterns in the payload.

Cyber Attack
Radiflow

Page 26« First «...252627...»Last »