Versions (4)
Version DetailsCurrent
Rev: 1 • Sep 27, 2010, 12:00 PMET EXPLOIT Possible Etrust Secure Transaction Platform Identification and Entitlements Server File Disclosure Attempt
alert tcp $EXTERNAL_NET any -> $HOME_NET 50002 (msg:"ET EXPLOIT Possible Etrust Secure Transaction Platform Identification and Entitlements Server File Disclosure Attempt"; flow:established,to_server; content:"POST "; nocase; depth:5; content:"<!DOCTYPE"; nocase; distance:0; content:"<!ENTITY"; nocase; distance:0; content:"<soapenv|3A|Envelope"; nocase; distance:0; content:"<ns1|3A|Username>"; nocase; distance:0; flowbits:set,ET.etrust.fieldis; reference:url,shh.thathost.com/secadv/2009-06-15-entrust-ies.txt; reference:url,securitytracker.com/alerts/2010/Sep/1024391.html; classtype:misc-attack; sid:2011502; rev:1; metadata:created_at 2010_09_27, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Sep 27, 2010, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit.rules