""ET EXPLOIT NB8-04 - Possible Unauthed RCE via whitelist bypass""
SID: 2024310
Revision: 1
Class Type: web-application-attack
Metadata: attack_target Server, created_at 2017_05_17, deployment Internal, performance_impact Moderate, signature_severity Major, updated_at 2017_05_17
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $HOME_NET
Destination Port: 1556
Flow: established,to_server
Contents:
-
Value: "ack=" Depth: 4
-
Value: "extension=bprd"
-
Value: "BPCD_WHITELIST_PATH"
Within:
PCRE:
Special Options:
- fast_pattern