SnortSnarf signature page

SERVER-APACHE Apache Struts remote code execution attempt

SnortSnarf v021111.1

45 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 14:52:55.152228 on 04/14/2018
Latest such alert at 04:56:38.079734 on 01/11/2019

SERVER-APACHE Apache Struts remote code execution attempt: 15 sources, 1 destination
Priority: 1
Classification: Attempted Administrator Privilege Gain
[sid:41818] [CVE:2017-9791] [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5638]

Sources triggering this attack signature

Source           # Alerts (sig)  # Alerts (total)  # Dsts (sig)  # Dsts (total)
114.80.114.81    8               8                 1             1
116.247.101.34   6               6                 1             1
220.189.211.74   4               4                 1             1
123.249.13.4     4               4                 1             1
122.165.109.109  4               4                 1             1
134.175.194.217  2               2                 1             1
221.231.6.174    2               2                 1             1
101.78.177.122   2               2                 1             1
101.254.149.133  2               2                 1             1
116.255.159.91   2               2                 1             1
221.12.58.174    2               2                 1             1
59.175.144.93    2               2                 1             1
45.249.181.49    2               2                 1             1
27.223.92.138    2               2                 1             1
66.111.41.250    1               1                 1             1

Destinations receiving this attack signature

Destination      # Alerts (sig)  # Alerts (total)  # Srcs (sig)  # Srcs (total)
192.168.0.37     45              230               15            148

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Fri Jan 18 16:01:01 2019