SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP /etc/shadow file access attempt
This event is generated when someone attempts to access the /etc/shadow file. Impact: Attempted Information Leak Details: Rule checks for an attempt to retrieve the /etc/shadow file. Ease of Attack: Simple
This rule alerts when an attacker attempts to access the /etc/shadow file.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
None
No information provided
None
Tactic: Discovery
Technique: File and Directory Discovery
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org