ET DELETED WMF Escape Record Exploit - Version 3
Sourceet/open
Fileemerging-deleted.rules
CreatedJuly 30, 2010
UpdatedJuly 26, 2019
Classificationattempted-user
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED WMF Escape Record Exploit - Version 3"; flow:established; flowbits:isset,emerging_wmf_expl ; pcre:"/\x26[\x00-\xff]\x09\x00/"; flowbits:unset,emerging_wmf_http ; flowbits:unset,emerging_wmf_expl ; flowbits:unset,emerging_wmf_expl_v1 ; threshold:type limit, track by_src, count 1,seconds 120 ; reference:url,www.frsirt.com/english/advisories/2005/3086 ; classtype:attempted-user; sid:2002742; rev:10; metadata:created_at 2010_07_30, signature_severity Unknown, updated_at 2019_07_26;)
References
Metadata
created at2010_07_30
signature severityUnknown
updated at2019_07_26
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!