
SnortSnarf signature page

SERVER-APACHE Apache Struts remote code execution attempt

SnortSnarf v021111.1


32 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 16:18:49.716813 on 07/18/2020
Latest such alert at 02:34:20.699807 on 05/15/2021

SERVER-APACHE Apache Struts remote code execution attempt 10 sources 1 destinations
Priority: 1
Classification: Attempted Administrator Privilege Gain
[sid:41819] [CVE:2017-9791] [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5638]

Sources triggering this attack signature

Source            # Alerts (sig)  # Alerts (total)  # Dsts (sig)  # Dsts (total)
60.170.209.135    8               8                 1             1
116.247.101.34    6               6                 1             1
112.196.34.163    4               4                 1             1
92.52.175.165     3               3                 1             1
114.80.114.81     2               2                 1             1
41.197.31.50      2               2                 1             1
221.12.58.174     2               2                 1             1
116.207.199.209   2               2                 1             1
213.183.51.17     2               2                 1             1
66.111.41.250     1               1                 1             1

Destinations receiving this attack signature

Destinations      # Alerts (sig)  # Alerts (total)  # Srcs (sig)  # Srcs (total)
192.168.0.38      32              846               10            474

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Sun May 16 18:01:02 2021