SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP pfSense pfBlockerNG plugin command injection attempt
This rule looks for command injection meta characters sent to the pfBlockerNG index.php page in the 'Host' header value.
This rule fires on command injection attempts for the pfSense pfBlockerNG plugin.
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE::ATT&CK Framework::Enterprise::Initial Access::Exploit Public-Facing Application
MITRE::ATT&CK Framework::Enterprise::Privilege Escalation::Exploitation for Privilege Escalation
None
No information provided
None
Tactic: Initial Access
Technique: Exploit Public-Facing Application
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org