ATTACK [PTsecurity] Mismatch URI and Host header. Possible Squid cache poisoning
Sourceptrules/open
Fileptopen-attacks.rules
CreatedJuly 24, 2025
UpdatedJuly 24, 2025
Classificationattempted-admin
alert http any any -> any any (msg:"ATTACK [PTsecurity] Mismatch URI and Host header. Possible Squid cache poisoning"; content:"GET"; http_method; content:"://" ; fast_pattern; distance:0; http_raw_uri; pcre:"/^\w+\s+\w+:\/\/\S+\s+.*?[\r\n].*?Host:[ \t]+[\w\.:]+\b/is" ; pcre:! "/^\w+\s+\w+:\/\/([^\/\s:#]+)[\/\s:#]\S*.+?Host:[ \t]*\1\S*\b/is" ; reference:url, bugs.squid-cache.org/show_bug.cgi?id=4501 ; reference:cve, 2016-4554 ; reference:url, rules.ptsecurity.com ; classtype:attempted-admin; sid:10000035; rev:5;)
References
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!