Intrusion Detection and Prevention / Re: error in Suricata
« on: May 18, 2019, 06:27:15 pm »
I'm seeing a similar issue. Is there a fix/patch for this error?
I have IPS Mode and Promiscuous Mode enabled with Pattern Matcher = Hyperscan only on WAN Interface.
OPNsense Versions :
OPNsense 19.1.7-amd64
FreeBSD 11.2-RELEASE-p9-HBSD
OpenSSL 1.0.2r 26 Feb 2019
Suricata Log :
May 18 12:16:00
OPNsense suricata: [100725] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ETPRO WEB_SPECIFIC_APPS Apache Tomcat CVE-2016-6816 Security Bypass Attempt"; flow:established,to_server; content:"GET"; http_method; content:"|7b 7b 25 7d 7d|"; http_uri; fast_pattern; content:"|5c|="; http_uri; distance:0; pcre:"/^\/[^\x7b]+\x7b{2}[^\x7d]+\x7d{2}[^\x5c]+\x5c=/U"; metadata: former_category WEB_SPECIFIC_APPS; reference:url,vuldb.com/?id.93797; classtype:web-application-attack; sid:2828954; rev:2; metadata:affected_product Apache_Tomcat, attack_target Web_Server, deployment Perimeter, signature_severity Major, created_at 2017_12_15, performance_impact Low, updated_at 2017_12_15;)" from file /usr/local/etc/suricata/opnsense.rules/emerging-web_specific_apps.rules at line 45