
SnortSnarf signature page

SERVER-APACHE Apache Struts remote code execution attempt

SnortSnarf v021111.1


29 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 14:15:00.283676 on 10/27/2018
Latest such alert at 16:18:50.093502 on 07/18/2019

SERVER-APACHE Apache Struts remote code execution attempt 9 sources 1 destinations
Priority: 1
Classification: Attempted Administrator Privilege Gain
[sid:41819] [CVE:2017-9791] [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5638]

Sources triggering this attack signature

Source           # Alerts (sig)  # Alerts (total)  # Dsts (sig)  # Dsts (total)
60.170.209.135   8               8                 1             1
116.247.101.34   6               6                 1             1
112.196.34.163   4               4                 1             1
114.80.114.81    2               2                 1             1
41.197.31.50     2               2                 1             1
221.12.58.174    2               2                 1             1
116.207.199.209  2               2                 1             1
213.183.51.17    2               2                 1             1
66.111.41.250    1               1                 1             1

Destinations receiving this attack signature

Destinations     # Alerts (sig)  # Alerts (total)  # Srcs (sig)  # Srcs (total)
192.168.0.38     29              342               9             212

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Thu Oct 24 06:01:03 2019