""ET EXPLOIT Apache Cocoon <= 2.1.x LFI (CVE-2020-11991)""

SID: 2033641

Revision: 2

Class Type: attempted-admin

Metadata: created_at 2021_08_02, cve CVE_2020_11991, updated_at 2021_08_02

Reference:

• cve

• 2020-11991

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HTTP_SERVERS

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

• Value: "/v2/api/product/manger/getInfo"

• Value: "ENTITY"

• Value: "DOCTYPE"

• Value: "SYSTEM"

• Value: "file|3a|//"

Within:

PCRE: "/ENTITY\s+?[^\s>]+?\s+?SYSTEM\s/Pi"

Special Options:

• nocase

• http_uri

• nocase

• http_client_body

• nocase

• fast_pattern

• http_client_body

• nocase

• http_client_body

• nocase

• http_client_body

source