""ET WEB_SPECIFIC_APPS OGNL Expression Injection (CVE-2017-9791)""
SID: 2024468
Revision: 1
Class Type: attempted-user
Metadata: affected_product Apache_Struts2, attack_target Web_Server, created_at 2017_07_14, cve CVE_2017_9791, deployment Datacenter, performance_impact Low, signature_severity Major, updated_at 2017_07_14
Reference:
-
cve
-
2017-9791
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $HTTP_SERVERS
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "POST"
-
Value: "multipart"
-
Value: "form-data"
-
Value: "ognl.OgnlContext"
-
Value: "DEFAULT_MEMBER_ACCESS"
-
Value: "java.lang.ProcessBuilder"
-
Value: ".start"
Within: 23
PCRE:
Special Options:
-
http_method
-
nocase
-
http_client_body
-
http_client_body
-
http_client_body
-
fast_pattern
-
http_client_body
-
http_client_body
-
http_client_body