2017-03-14 14:53:29 +01:00
|
|
|
title: Shellshock Expression
|
2019-11-12 23:12:27 +01:00
|
|
|
id: c67e0c98-4d39-46ee-8f6b-437ebf6b950e
|
2022-10-09 16:54:04 +02:00
|
|
|
status: test
|
2017-03-14 14:53:29 +01:00
|
|
|
description: Detects shellshock expressions in log files
|
2018-01-28 02:24:16 +03:00
|
|
|
references:
|
2021-04-28 11:46:49 +02:00
|
|
|
- https://owasp.org/www-pdf-archive/Shellshock_-_Tudor_Enache.pdf
|
2023-02-01 11:14:59 +01:00
|
|
|
author: Florian Roth (Nextron Systems)
|
2024-08-12 12:02:50 +02:00
|
|
|
date: 2017-03-14
|
|
|
|
|
modified: 2022-10-09
|
2022-10-09 16:54:04 +02:00
|
|
|
tags:
|
|
|
|
|
- attack.persistence
|
|
|
|
|
- attack.t1505.003
|
2017-03-14 14:53:29 +01:00
|
|
|
logsource:
|
|
|
|
|
product: linux
|
|
|
|
|
detection:
|
2022-10-09 16:54:04 +02:00
|
|
|
keywords:
|
2021-04-28 11:47:24 +02:00
|
|
|
- '(){:;};'
|
|
|
|
|
- '() {:;};'
|
2021-04-28 11:46:49 +02:00
|
|
|
- '() { :;};'
|
|
|
|
|
- '() { :; };'
|
2022-06-03 15:35:24 +02:00
|
|
|
condition: keywords
|
2017-03-14 14:53:29 +01:00
|
|
|
falsepositives:
|
|
|
|
|
- Unknown
|
|
|
|
|
level: high
|
