2021-05-31 10:49:42 +02:00
|
|
|
title: Nginx Core Dump
|
|
|
|
|
id: 59ec40bb-322e-40ab-808d-84fa690d7e56
|
2021-07-03 10:39:37 +08:00
|
|
|
description: Detects a core dump of a crashing Nginx worker process, which could be a signal of a serious problem or exploitation attempts.
|
2021-11-19 22:32:26 +01:00
|
|
|
status: experimental
|
2021-05-31 10:49:42 +02:00
|
|
|
author: Florian Roth
|
|
|
|
|
date: 2021/05/31
|
|
|
|
|
references:
|
|
|
|
|
- https://docs.nginx.com/nginx/admin-guide/monitoring/debugging/#enabling-core-dumps
|
|
|
|
|
- https://www.x41-dsec.de/lab/advisories/x41-2021-002-nginx-resolver-copy/
|
|
|
|
|
logsource:
|
2022-03-22 17:58:29 +01:00
|
|
|
service: apache
|
2021-05-31 10:49:42 +02:00
|
|
|
detection:
|
|
|
|
|
keywords:
|
|
|
|
|
- 'exited on signal 6 (core dumped)'
|
|
|
|
|
condition: keywords
|
|
|
|
|
falsepositives:
|
|
|
|
|
- Serious issues with a configuration or plugin
|
|
|
|
|
level: high
|
|
|
|
|
tags:
|
|
|
|
|
- attack.impact
|
2021-07-03 10:39:37 +08:00
|
|
|
- attack.t1499.004
|
