Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents
1:63605
This rule looks for injection metacharacters included in requests to Cacti's "cmd_realtime.php" endpoint that are intended to exploit a command injection vulnerability.
1:63604
This rule looks for the Java class and method org.apache.commons.lang3.event.EventUtils$EventBindingInvocationHandler that is used to bypass the NextGen Healthcare Mirth Connect denylist in order to execute Java code.
1:63587
This rule checks whether the Content-Length of a request sent to a Windows Server Service is overly large and whether at least 30 of these requests have been seen in 1 second.
1:63536
This rule looks for
1:63455
This rule alerts on traffic that exploits the vulnerability outlined in CVE-2022-40022. It is looking for characters that can indicate an attempted command injection in the vulnerable parameter.
1:63454
This rule alerts on traffic that exploits the vulnerability outlined in CVE-2022-40022. It is looking for characters that can indicate an attempted command injection in the vulnerable parameter.