Rule History

SID: 2010862 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 7 • Jul 30, 2010, 12:00 PM

Message:

ET WEB_SPECIFIC_APPS Possible APC Network Management Card Cross Site Scripting Attempt

Rule:

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible APC Network Management Card Cross Site Scripting Attempt"; flow:established,to_server; http.uri; content:"/Forms/login"; nocase; content:"login_username="; nocase; pcre:"/(?:script|onmouse[a-z]+|onkey[a-z]+|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange)/i"; reference:cve,2009-1798; classtype:web-application-attack; sid:2010862; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, cve CVE_2009_1798, deployment Datacenter, confidence Medium, signature_severity Major, tag XSS, tag Cross_Site_Scripting, updated_at 2020_09_03;)

Created:

Jul 30, 2010, 12:00 PM

Updated:

Sep 3, 2020, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-web_specific_apps.rules