Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web-based applications on servers.

Alert Message

SERVER-WEBAPP Git client path validation command execution attempt

Rule Explanation

On operating systems that have case-insensitive file systems, Git clients can be convinced to retrieve and overwrite sensitive configuration files in the ".git" directory. This can lead to arbitrary code execution.
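When triaging this alert, one way to check whether a repository actually carries such a path is to audit its tree listing for components that equal ".git" only when case is ignored. The script below is an added example, not part of the Snort rule or of Git; the sample listing is constructed in `git ls-tree -r` output format with placeholder object IDs, and the function names are hypothetical.

```python
"""Flag tree entries whose path has a component that case-folds to ".git"."""

# Constructed sample in `git ls-tree -r` format: "<mode> <type> <object>\t<path>".
# Object IDs are placeholders, not real hashes.
SAMPLE_LS_TREE = "\n".join([
    "100644 blob " + "0" * 40 + "\tREADME.md",
    "100644 blob " + "1" * 40 + "\t.GIT/config",
    "100755 blob " + "2" * 40 + "\tsrc/.Git/hooks/post-checkout",
    "100644 blob " + "3" * 40 + "\t.gitignore",
    "100644 blob " + "4" * 40 + "\tdocs/git/notes.txt",
])

def parse_ls_tree(text):
    """Yield (mode, type, object_id, path) from ls-tree output lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        meta, sep, path = line.partition("\t")
        fields = meta.split()
        if not sep or len(fields) != 3:
            raise ValueError(f"unrecognised ls-tree line: {line!r}")
        yield fields[0], fields[1], fields[2], path

def suspicious_component(path):
    """Return the first component equal to ".git" ignoring case, else None."""
    # Treat backslashes as separators too, since Windows clients do.
    for part in path.replace("\\", "/").split("/"):
        if part.casefold() == ".git":
            return part
    return None

def audit_tree(text):
    """Return (path, component) pairs for entries that would land inside
    the ".git" directory on a case-insensitive file system."""
    findings = []
    for _mode, _type, _oid, path in parse_ls_tree(text):
        hit = suspicious_component(path)
        if hit is not None:
            findings.append((path, hit))
    return findings

if __name__ == "__main__":
    for path, part in audit_tree(SAMPLE_LS_TREE):
        print(f"SUSPICIOUS {path!r}: component {part!r} resolves to .git")
```

Names such as ".gitignore" or a directory called "git" are not flagged, because only a whole component matching ".git" resolves to the repository metadata directory.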

What To Look For

This event is generated when a command execution attack against Git client path validation has been attempted. This could lead to the repository being overwritten.

Known Usage

Public information/Proof of Concept available

False Positives

Known false positives, with the described conditions

A false positive event is possible because malicious traffic is almost identical to a normal request.

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

None

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None

MITRE ATT&CK Framework

Tactic: Execution

Technique: User Execution

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org