2024-06-11 (TUESDAY): EXAMPLE OF CVE-2024-4577 PROBE

NOTES:

• I saw a single hit from 221.122.67[.]75 for a CVE-2024-4577 probe on an Ubuntu Apache web server I am running.
• I sanitized the pcap of this example, changing the associated MAC addresses and altering my server's IP address in the traffic.  Everything else is unaltered.

• Zip files are password-protected.  Of note, this site has a new password scheme.  For the password, see the "about" page of this website.

REFERENCES:

• https://www.linkedin.com/posts/unit42_php-timelythreatintel-unit42threatintel-activity-7206454162195111936-G4Gl
• https://x.com/Unit42_Intel/status/1800688488330764515

ASSOCIATED FILE:

• 2024-06-11-CVE-2024-4577-probe.pcap.zip   1.2 kB   (1,225 bytes)

 

IMAGES

Shown above:  HTTP stream of the CVE-2024-4577 probe against my Ubuntu Apache webserver.

 

Click here to return to the main page.