#alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET DELETED Possible OptionsBleed? (CVE-2017-9798)"; flow:established,to_server; content:"OPTIONS"; http_method; flowbits:set,ET.2017-9798; threshold: type both, count 30, seconds 30, track by_src; metadata: former_category WEB_SERVER; classtype:misc-activity; sid:2024759; rev:5; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, cve 2017_9798, signature_severity Major, created_at 2017_09_19, performance_impact Moderate, updated_at 2019_12_20;)

Added 2019-12-20 18:14:26 UTC

#alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible OptionsBleed? (CVE-2017-9798)"; flow:established,to_server; content:"OPTIONS"; http_method; flowbits:set,ET.2017-9798; threshold: type both, count 30, seconds 30, track by_src; metadata: former_category WEB_SERVER; classtype:misc-activity; sid:2024759; rev:5; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, cve 2017_9798, signature_severity Major, created_at 2017_09_19, performance_impact Moderate, updated_at 2017_09_22;)

Added 2018-09-13 19:54:07 UTC

Added 2018-09-13 18:01:47 UTC

#alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible OptionsBleed? (CVE-2017-9798)"; flow:established,to_server; content:"OPTIONS"; http_method; flowbits:set,ET.2017-9798; threshold: type both, count 30, seconds 30, track by_src; metadata: former_category WEB_SERVER; classtype:misc-activity; sid:2024759; rev:5; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, cve 2017_9798, signature_severity Major, created_at 2017_09_19, performance_impact Moderate, updated_at 2017_09_22;)

Added 2017-09-22 16:46:59 UTC