[Emerging-Sigs] Signature for Bash Exploit?
wmetcalf at emergingthreatspro.com
Fri Sep 26 14:22:44 EDT 2014
Because we got some FP's in testing. That said if you know your web apps
and you never expect this, enable them :) We might modify these a bit today
anding a pcre to anchor against places where bash where env vars might be
populated i.e. chars like [?=\x3a\s\x2f]
On Fri, Sep 26, 2014 at 1:11 PM, waldo kitty <wkitty42 at windstream.net>
> On 9/25/2014 7:56 PM, Francis Trudeau wrote:
>> There was a lot of them created over the past couple days. They are
>> all in OPEN so they should be widespread.
>> 37 in total went out, with 30 of them being generic url-encode rules
>> that are disabled by default.
> are these disabled by default because they may appear in legitimate web
> pages or because they may FP a lot?
> NOTE: No off-list assistance is given without prior approval.
> Please *keep mailing list traffic on the list* unless
> private contact is specifically requested and granted.
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> Support Emerging Threats! Subscribe to Emerging Threats Pro
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Emerging-sigs