SnortSnarf signature page

SERVER-APACHE Apache Struts remote code execution attempt

SnortSnarf v021111.1

31 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 08:24:13.826429 on 08/07/2017
Latest such alert at 09:51:45.739507 on 06/11/2018

SERVER-APACHE Apache Struts remote code execution attempt 10 sources 1 destinations
Priority: 1
Classification: Attempted Administrator Privilege Gain
[sid:41819] [CVE:2017-9791] [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5638]

Sources triggering this attack signature

Source            # Alerts (sig)   # Alerts (total)   # Dsts (sig)   # Dsts (total)
114.80.114.81     8                8                  1              1
116.247.101.34    6                6                  1              1
220.189.211.74    4                4                  1              1
45.249.181.49     2                2                  1              1
101.78.177.122    2                2                  1              1
221.231.6.174     2                2                  1              1
101.254.149.133   2                2                  1              1
59.175.144.93     2                2                  1              1
221.12.58.174     2                2                  1              1
66.111.41.250     1                1                  1              1

Destinations receiving this attack signature

Destinations      # Alerts (sig)   # Alerts (total)   # Srcs (sig)   # Srcs (total)
192.168.0.37      31               149                10             112

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Wed Jul 18 17:01:01 2018