Skip to content

Commit

Permalink
Detect ShellShock pattern on all HTTT status codes.
Browse files Browse the repository at this point in the history
  • Loading branch information
@iasdeoupxe @chemamartinez
iasdeoupxe authored and chemamartinez committed Dec 18, 2019
1 parent 3669fdf commit 12c8361
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions rules/0245-web_rules.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -218,7 +218,7 @@
<!--
Shellshock detected
Pattern: "(){:;};" (with spaces)
Code: 2xx, 3xx, 4xx, 50x
Code: all
Decoder: web-accesslog_decoders.xml
Examples:
Expand All @@ -233,7 +233,7 @@
-->

<rule id="31166" level="15">
<if_sid>31101,31108,31120</if_sid>
<if_sid>31100</if_sid>
<regex>"\(\)\s*{\s*\w*:;\s*}\s*;|"\(\)\s*{\s*\w*;\s*}\s*;</regex>
<description>Shellshock attack attempt</description>
<info type="cve">CVE-2014-6271</info>
Expand All @@ -242,7 +242,7 @@
</rule>

<rule id="31167" level="15">
<if_sid>31101,31108,31120</if_sid>
<if_sid>31100</if_sid>
<regex>"\(\)\s*{\s*_;\.*}\s*>_[\$\(\$\(\)\)]\s*{</regex>
<description>Shellshock attack attempt</description>
<info type="cve">CVE-2014-6278</info>
Expand Down

0 comments on commit 12c8361

Please sign in to comment.