SID 1:53109

Report a false positive

Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER RabbitMQ X-Reason HTTP header denial-of-service attempt

Rule Explanation

This event is generated when an attempt to exploit RabbitMQ via CVE-2019-11287 is detected. Impact: Detection of a Denial of Service Attack Details: The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing. Ease of Attack: Simple, this can be done with any command line tool that allows an attacker to send http requests.

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2019-11287

Additional Links

pivotal.io/security/cve-2019-11287

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2019-11287
 Loading description