SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP PHPUnit PHP remote code execution attempt
This event is generated when an attacker attempts to exploit a remote code execution vulnerability present in PHPUnit. Impact: Web Application Attack Details: Rule checks for an attempt to exploit PHPUnit and execute arbitrary PHP code. Ease of Attack: Simple; Public exploit information is available.
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2017-9841Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI. |
|