alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagick? CVE-2016-3715 File Deletion Inbound (ephermeral:+ mvg)"; flow:established,to_server; content:"viewbox "; nocase; http_client_body; fast_pattern; content:"ephemeral"; http_client_body; nocase; pcre:"/^\s*\x3a\s*[./]/RPi"; classtype:web-application-attack; sid:2022792; rev:4; metadata:created_at 2016_05_04, updated_at 2019_10_07;)

Added 2019-10-08 19:34:37 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagick? CVE-2016-3715 File Deletion Inbound (ephermeral:+ mvg)"; flow:established,to_server; content:"viewbox "; nocase; http_client_body; fast_pattern:only; content:"ephemeral"; http_client_body; nocase; pcre:"/^\s*\x3a\s*[./]/RPi"; classtype:web-application-attack; sid:2022792; rev:3; metadata:created_at 2016_05_04, updated_at 2016_05_06;)

Added 2018-09-13 19:52:33 UTC


Added 2018-09-13 18:00:54 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagick? CVE-2016-3715 File Deletion Inbound (ephermeral:+ mvg)"; flow:established,to_server; content:"viewbox "; nocase; http_client_body; fast_pattern:only; content:"ephemeral"; http_client_body; nocase; pcre:"/^\s*\x3a\s*[./]/RPi"; classtype:web-application-attack; sid:2022792; rev:3; metadata:created_at 2016_05_04, updated_at 2016_05_06;)

Added 2017-08-07 21:17:46 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagick? CVE-2016-3715 File Deletion Inbound (ephermeral:+ mvg)"; flow:established,to_server; content:"viewbox "; nocase; http_client_body; fast_pattern:only; content:"ephemeral"; http_client_body; nocase; pcre:"/^\s*\x3a\s*[./]/RPi"; classtype:web-application-attack; sid:2022792; rev:3;)

Added 2016-05-06 17:23:32 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagic? CVE-2016-3715 File Deletion Inbound (ephermeral:+ mvg)"; flow:established,to_server; content:"viewbox "; nocase; http_client_body; fast_pattern:only; content:"ephemeral"; http_client_body; nocase; pcre:"/^\s*\x3a\s*[./]/RPi"; classtype:web-application-attack; sid:2022792; rev:2;)

Added 2016-05-04 17:53:35 UTC


Topic revision: r1 - 2019-10-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats