alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagick? CVE-2016-3714 Inbound (svg)"; flow:established,to_server; content:"<svg "; http_client_body; nocase; fast_pattern; content:"xlink"; http_client_body; nocase; pcre:"/xlink\s*?\x3a\s*?href\s*?=\s*?(:[\x22\x27]|\\x2[27])https.+?&quot\s*?\x3b(?:\x7c|&(?:[gl]t|amp)\s*?\x3b)/Psi"; classtype:web-application-attack; sid:2022790; rev:5; metadata:created_at 2016_05_04, updated_at 2019_10_07;)

Added 2019-10-08 19:34:37 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagick? CVE-2016-3714 Inbound (svg)"; flow:established,to_server; content:"<svg "; http_client_body; nocase; fast_pattern:only; content:"xlink"; http_client_body; nocase; pcre:"/xlink\s*?\x3a\s*?href\s*?=\s*?(:[\x22\x27]|\\x2[27])https.+?&quot\s*?\x3b(?:\x7c|&(?:[gl]t|amp)\s*?\x3b)/Psi"; classtype:web-application-attack; sid:2022790; rev:4; metadata:created_at 2016_05_04, updated_at 2016_05_06;)

Added 2018-09-13 19:52:33 UTC


Added 2018-09-13 18:00:54 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagick? CVE-2016-3714 Inbound (svg)"; flow:established,to_server; content:"<svg "; http_client_body; nocase; fast_pattern:only; content:"xlink"; http_client_body; nocase; pcre:"/xlink\s*?\x3a\s*?href\s*?=\s*?(:[\x22\x27]|\\x2[27])https.+?&quot\s*?\x3b(?:\x7c|&(?:[gl]t|amp)\s*?\x3b)/Psi"; classtype:web-application-attack; sid:2022790; rev:4; metadata:created_at 2016_05_04, updated_at 2016_05_06;)

Added 2017-08-07 21:17:46 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagick? CVE-2016-3714 Inbound (svg)"; flow:established,to_server; content:"<svg "; http_client_body; nocase; fast_pattern:only; content:"xlink"; http_client_body; nocase; pcre:"/xlink\s*?\x3a\s*?href\s*?=\s*?(:[\x22\x27]|\\x2[27])https.+?&quot\s*?\x3b(?:\x7c|&(?:[gl]t|amp)\s*?\x3b)/Psi"; classtype:web-application-attack; sid:2022790; rev:4;)

Added 2016-05-20 09:58:28 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagick? CVE-2016-3714 Inbound (svg)"; flow:established,to_server; content:"<svg "; http_client_body; nocase; fast_pattern:only; content:"xlink"; http_client_body; nocase; pcre:"/xlink\s*?\x3a\s*?href\s*?=\s*?(:[\x22\x27]|\\x2[27])https.+?&quot\s*?\x3b(?:\x7c|&(?:[gl]t|amp)\s*?\x3b)/Psi"; classtype:web-application-attack; sid:2022790; rev:4;)

Added 2016-05-19 16:51:31 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagick? CVE-2016-3714 Inbound (svg)"; flow:established,to_server; content:"<svg "; http_client_body; nocase; fast_pattern:only; content:"xlink"; http_client_body; nocase; pcre:"/xlink\s*?\x3a\s*?href\s*?=\s*?[\x22\x27]https[^\x22\x27]+(?:&(?:#(?:x00(?:22|60)|34|96)|quot)\x3b|\x60)\s*?(?:\x7c|\x3b|&(?:[gl]t|amp)\s*?\x3b)/Psi"; classtype:web-application-attack; sid:2022790; rev:3;)

Added 2016-05-06 17:23:32 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagic? CVE-2016-3714 Inbound (svg)"; flow:established,to_server; content:"<svg "; http_client_body; nocase; fast_pattern:only; content:"xlink"; http_client_body; nocase; pcre:"/xlink\s*?\x3a\s*?href\s*?=\s*?[\x22\x27]https[^\x22\x27]+&quot\s*?\x3b(?:\x7c|&(?:[gl]t|amp)\s*?\x3b)/Psi"; classtype:web-application-attack; sid:2022790; rev:2;)

Added 2016-05-04 17:53:35 UTC


Topic revision: r1 - 2019-10-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats