
SnortSnarf signature page

SERVER-APACHE Apache Struts remote code execution attempt

SnortSnarf v021111.1


32 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 14:29:38.900448 on 04/14/2020
Latest such alert at 06:22:59.261900 on 01/11/2021

SERVER-APACHE Apache Struts remote code execution attempt (10 sources, 1 destination)
Priority: 1
Classification: Attempted Administrator Privilege Gain
[sid:41818] [CVE:2017-9791] [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5638]

Sources triggering this attack signature

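| Source | # Alerts (sig) | # Alerts (total) | # Dsts (sig) | # Dsts (total) |
|---|---|---|---|---|
| 60.170.209.135 | 8 | 8 | 1 | 1 |
| 116.247.101.34 | 6 | 6 | 1 | 1 |
| 112.196.34.163 | 4 | 4 | 1 | 1 |
| 92.52.175.165 | 3 | 3 | 1 | 1 |
| 41.197.31.50 | 2 | 2 | 1 | 1 |
| 116.207.199.209 | 2 | 2 | 1 | 1 |
| 213.183.51.17 | 2 | 2 | 1 | 1 |
| 114.80.114.81 | 2 | 2 | 1 | 1 |
| 221.12.58.174 | 2 | 2 | 1 | 1 |
| 66.111.41.250 | 1 | 1 | 1 | 1 |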

Destinations receiving this attack signature

| Destinations | # Alerts (sig) | # Alerts (total) | # Srcs (sig) | # Srcs (total) |
|---|---|---|---|---|
| 192.168.0.38 | 32 | 769 | 10 | 431 |

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Sun Feb 28 17:01:01 2021