Rule History

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible Novell eDirectory 'dconserv.dlm' Cross-Site Scripting Attempt"; flow:established,to_server; http.uri; content:"/dhost/modules"; nocase; content:"dconserv.dlm="; nocase; pcre:"/(?:script|img|src|onmouse|onkey|onload)/i"; reference:url,www.securityfocus.com/bid/36567/info; classtype:web-application-attack; sid:2010031; rev:6; metadata:created_at 2010_07_30, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_04;)