SERVER-APACHE -- Snort has detected traffic exploiting vulnerabilities in Apache servers.
SERVER-APACHE Apache Subversion svn-ssh command injection attempt
This rule looks for a command injection found inside of an SVN repo attempting to use a malicious URL to leverage a ProxyCommand when a user attempts to use the command.
This rule alerts on traffic of a malicious SVN repository.
Public information/Proof of Concept available
No known false positives
Cisco Talos Intelligence Group
MITRE::ATT&CK Framework::Enterprise::Execution::User Execution::Malicious File
Rule Categories::Protocol::Other
Command Injection
Command Injection attacks target applications that allow unsafe user-supplied input. Attackers transmit this input via forms, cookies, HTTP headers, etc. and exploit the applications permissions to execute system commands without injecting code.
CVE-2017-9800 |
Loading description
|
Tactic: Initial Access
Technique: Compromise Software Dependencies and Development Tools
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org