""ET WEB_CLIENT Possible MacOSX HelpViewer 10.12.1 XSS Arbitrary File Execution and Arbitrary File Read (CVE-2017-2361)""
SID: 2024034
Revision: 1
Class Type: attempted-user
Metadata: affected_product Mac_OSX, affected_product Safari, attack_target Client_Endpoint, created_at 2017_03_08, cve CVE_2017_2361, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2017_03_08
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,from_server
Contents:
-
Value: "%25252f..%25252f..%25252f..%25252f..%25252f..%25252f..%25252f"
-
Value: "javascript%253aeval"
-
Value: "help|3a 2f 2f|"
Within:
PCRE: "/document\s.\slocation\s?\x3d\s?[\x27\x22]help\x3a\/\/\/[^\x3b]+?\%25252f..\%25252f..\%25252f..\%25252f/"
Special Options:
-
file_data
-
fast_pattern