valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 10:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update exploit_cve_2021_31166.yar

Browse Source
This commit is contained in:
Florian Roth 2021-05-22 12:24:44 +02:00
parent 3dda1ff620
commit ee142d3683
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
yara/exploit_cve_2021_31166.yar
View File

@ -4,11 +4,10 @@ rule EXPL_CVE_2021_31166_Accept_Encoding_May21_1 {
description = "Detects malformed Accept-Encoding header field as used in code exploiting CVE-2021-31166"
author = "Florian Roth"
reference = "https://github.com/0vercl0k/CVE-2021-31166"
license = "https://creativecommons.org/licenses/by-nc/4.0/"
date = "2021-05-21"
score = 70
strings:
$xr1 = /[Aa]ccept\-[Ee]ncoding: [a-z\-]{1,16}, [a-z\-]{1,16}, [a-z\-]{1,16}, ,/
$xr1 = /[Aa]ccept\-[Ee]ncoding: [a-z\-]{1,16},([a-z\-\s]{1,16},|)*[\s]{1,20},/
condition:
1 of them
}