#alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirect"; flow:established,to_server; content:".action?"; http_uri; content:"redirect|3a|"; http_uri; distance:0; content:"{"; http_uri; distance:0; pcre:"/[\?&]redirect\x3a/U"; reference:url,struts.apache.org/release/2.3.x/docs/s2-016.html; classtype:attempted-user; sid:2017155; rev:6; metadata:created_at 2013_07_17, former_category WEB_SERVER, updated_at 2022_05_03;)

Added 2022-07-12 18:43:29 UTC

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirect"; flow:established,to_server; content:".action?"; http_uri; content:"redirect|3a|"; http_uri; distance:0; content:"{"; http_uri; distance:0; pcre:"/[\?&]redirect\x3a/U"; reference:url,struts.apache.org/release/2.3.x/docs/s2-016.html; classtype:attempted-user; sid:2017155; rev:5; metadata:created_at 2013_07_17, updated_at 2022_05_03;)

Added 2022-05-03 18:06:38 UTC

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirect"; flow:established,to_server; content:".action?"; http_uri; content:"redirect|3a|"; http_uri; distance:0; content:"{"; http_uri; distance:0; pcre:"/[\?&]redirect\x3a/U"; reference:url,struts.apache.org/release/2.3.x/docs/s2-016.html; classtype:attempted-user; sid:2017155; rev:4; metadata:created_at 2013_07_17, updated_at 2020_04_24;)

Added 2021-09-21 19:58:50 UTC

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirect"; flow:established,to_server; content:".action?"; http_uri; content:"redirect|3a|"; http_uri; distance:0; content:"{"; http_uri; distance:0; pcre:"/[\?&]redirect\x3a/U"; reference:url,struts.apache.org/release/2.3.x/docs/s2-016.html; classtype:attempted-user; sid:2017155; rev:4; metadata:created_at 2013_07_16, updated_at 2020_04_24;)

Added 2020-04-24 18:20:33 UTC

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirect"; flow:established,to_server; content:".action?"; http_uri; content:"redirect|3a|"; http_uri; distance:0; content:"{"; http_uri; distance:0; pcre:"/[\?&]redirect\x3a/U"; reference:url,struts.apache.org/release/2.3.x/docs/s2-016.html; classtype:attempted-user; sid:2017155; rev:4; metadata:created_at 2013_07_16, updated_at 2013_07_16;)

Added 2018-09-13 19:47:19 UTC

Added 2018-09-13 17:57:50 UTC

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirect"; flow:established,to_server; content:".action?"; http_uri; content:"redirect|3a|"; http_uri; distance:0; content:"{"; http_uri; distance:0; pcre:"/[\?&]redirect\x3a/U"; reference:url,struts.apache.org/release/2.3.x/docs/s2-016.html; classtype:attempted-user; sid:2017155; rev:4; metadata:created_at 2013_07_16, updated_at 2013_07_16;)

Added 2017-08-07 21:11:01 UTC

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirect"; flow:established,to_server; content:"redirect|3a 25|"; http_uri; content:"{"; http_uri; distance:0; pcre:"/[\?&]redirect\x3a\x25/U"; reference:url,struts.apache.org/release/2.3.x/docs/s2-016.html; classtype:attempted-user; sid:2017155; rev:2;)

Added 2013-08-22 06:44:22 UTC

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2551 redirect"; flow:established,to_server; content:"redirect|3a 25|"; http_uri; content:"{"; http_uri; distance:0; pcre:"/[\?&]redirect\x3a\x25/U"; reference:url,struts.apache.org/release/2.3.x/docs/s2-016.html; classtype:attempted-user; sid:2017155; rev:1;)

Added 2013-07-16 20:58:54 UTC