alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagick? CVE-2016-3714 Inbound (mvg)"; flow:established,to_server; content:"viewbox "; nocase; http_client_body; fast_pattern; pcre:"/https\x3a.+(?<!\x5c)(:[\x22\x27]|\\x2[27])\s*?[\x3b&\x7c><].*?(:[\x22\x27]|\\x2[27])/Psi"; classtype:web-application-attack; sid:2022789; rev:5; metadata:created_at 2016_05_04, updated_at 2019_10_07;)

Added 2019-10-08 19:34:37 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagick? CVE-2016-3714 Inbound (mvg)"; flow:established,to_server; content:"viewbox "; nocase; http_client_body; fast_pattern:only; pcre:"/https\x3a.+(?<!\x5c)(:[\x22\x27]|\\x2[27])\s*?[\x3b&\x7c><].*?(:[\x22\x27]|\\x2[27])/Psi"; classtype:web-application-attack; sid:2022789; rev:4; metadata:created_at 2016_05_04, updated_at 2016_05_06;)

Added 2018-09-13 19:52:33 UTC


Added 2018-09-13 18:00:54 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagick? CVE-2016-3714 Inbound (mvg)"; flow:established,to_server; content:"viewbox "; nocase; http_client_body; fast_pattern:only; pcre:"/https\x3a.+(?<!\x5c)(:[\x22\x27]|\\x2[27])\s*?[\x3b&\x7c><].*?(:[\x22\x27]|\\x2[27])/Psi"; classtype:web-application-attack; sid:2022789; rev:4; metadata:created_at 2016_05_04, updated_at 2016_05_06;)

Added 2017-08-07 21:17:46 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagick? CVE-2016-3714 Inbound (mvg)"; flow:established,to_server; content:"viewbox "; nocase; http_client_body; fast_pattern:only; pcre:"/https\x3a.+(?<!\x5c)(:[\x22\x27]|\\x2[27])\s*?[\x3b&\x7c><].*?(:[\x22\x27]|\\x2[27])/Psi"; classtype:web-application-attack; sid:2022789; rev:4;)

Added 2016-05-20 09:58:28 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagick? CVE-2016-3714 Inbound (mvg)"; flow:established,to_server; content:"viewbox "; nocase; http_client_body; fast_pattern:only; pcre:"/https\x3a.+(?<!\x5c)(:[\x22\x27]|\\x2[27])\s*?[\x3b&\x7c><].*?(:[\x22\x27]|\\x2[27])/Psi"; classtype:web-application-attack; sid:2022789; rev:4;)

Added 2016-05-19 16:51:31 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagick? CVE-2016-3714 Inbound (mvg)"; flow:established,to_server; content:"viewbox "; nocase; http_client_body; fast_pattern:only; pcre:"/https\x3a[^\x27\x22\x60]+(?<!\x5c)(?:\x60[^\x60]*[\x60]\s*?|\x22\s*?[\x3b&\x7c><][^\x22]*[\x22])/Psi"; classtype:web-application-attack; sid:2022789; rev:3;)

Added 2016-05-06 17:23:32 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagic? CVE-2016-3714 Inbound (mvg)"; flow:established,to_server; content:"viewbox "; nocase; http_client_body; fast_pattern:only; pcre:"/https\x3a[^\x22]+(?<!\x5c)[\x22]\s*?[\x3b&\x7c><][^\x22]*[\x22]/Psi"; classtype:web-application-attack; sid:2022789; rev:2;)

Added 2016-05-04 17:53:35 UTC


Topic revision: r1 - 2019-10-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats