Rule History

SID: 2011806 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 6 • Oct 13, 2010, 12:00 PM

Message:

ET WEB_SERVER ScriptResource.axd access without t (time) parameter - possible ASP padding-oracle exploit

Rule:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER ScriptResource.axd access without t (time) parameter - possible ASP padding-oracle exploit"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"ScriptResource.axd"; nocase; content:!"&t="; nocase; content:!"&amp|3b|t="; nocase; detection_filter:track by_src,count 15,seconds 2; reference:url,netifera.com/research/; reference:url,www.microsoft.com/technet/security/advisory/2416728.mspx; classtype:web-application-attack; sid:2011806; rev:6; metadata:created_at 2010_10_13, signature_severity Major, updated_at 2020_09_13;)

Created:

Oct 13, 2010, 12:00 PM

Updated:

Sep 13, 2020, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-web_server.rules