ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (linux style)

7.0.35.0SID: 2002034Rev: 13Enabled1 views
Sourceet/open
Fileemerging-attack_response.rules
CreatedJuly 30, 2010
UpdatedMarch 13, 2024
Classificationsuccessful-recon-limited
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (linux style)"; flow:established,to_client; file.data; content:"root|3a|x|3a|0|3a|0|3a|root|3a|/root|3a|/"; nocase; classtype:successful-recon-limited; sid:2002034; rev:13; metadata:created_at 2010_07_30, confidence Medium, signature_severity Unknown, updated_at 2024_03_13;)

Metadata

created at2010_07_30
confidenceMedium
signature severityUnknown
updated at2024_03_13

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!