rules/web/web_apache_segfault.yml

title: Apache Segmentation Fault
id: 1da8ce0b-855d-4004-8860-7d64d42063b1
status: test
description: Detects a segmentation fault error message caused by a creashing apache worker process
references:
    - http://www.securityfocus.com/infocus/1633
author: Florian Roth
date: 2017/02/28
modified: 2021/11/27
tags:
    - attack.impact
    - attack.t1499.004
logsource:
    service: apache
detection:
    keywords:
        - 'exit signal Segmentation Fault'
    condition: keywords
falsepositives:
    - Unknown
level: high
Apache segmentation fault rule 2017-02-28 17:53:06 +01:00			`title: Apache Segmentation Fault`
Added UUIDs to rules 2019-11-12 23:12:27 +01:00			`id: 1da8ce0b-855d-4004-8860-7d64d42063b1`
$frack113$ Change status for old rules 2021-11-27 11:33:14 +01:00			`status: test`
att&ck tags review: web, network/zeek 2020-09-03 17:04:57 +03:00			`description: Detects a segmentation fault error message caused by a creashing apache worker process`
Change All "str" references to be "list"to mach schema update 2018-01-28 02:24:16 +03:00			`references:`
$frack113$ Order yaml field 2022-10-25 10:08:58 +02:00			`- http://www.securityfocus.com/infocus/1633`
			`author: Florian Roth`
$frack113$ Change status for old rules 2021-11-27 11:33:14 +01:00			`date: 2017/02/28`
			`modified: 2021/11/27`
$frack113$ Order yaml field 2022-10-25 10:08:58 +02:00			`tags:`
			`- attack.impact`
			`- attack.t1499.004`
Apache segmentation fault rule 2017-02-28 17:53:06 +01:00			`logsource:`
$frack113$ Order yaml field 2022-10-25 10:08:58 +02:00			`service: apache`
Apache segmentation fault rule 2017-02-28 17:53:06 +01:00			`detection:`
$frack113$ Order yaml field 2022-10-25 10:08:58 +02:00			`keywords:`
			`- 'exit signal Segmentation Fault'`
			`condition: keywords`
Apache segmentation fault rule 2017-02-28 17:53:06 +01:00			`falsepositives:`
$frack113$ Order yaml field 2022-10-25 10:08:58 +02:00			`- Unknown`
Apache segmentation fault rule 2017-02-28 17:53:06 +01:00			`level: high`