Rule History

SID: 2013408 • Source: et/open

Versions (5)

Version Details (Current)

Rev: 8 • Aug 12, 2011, 12:00 PM

ET POLICY SSL MiTM Vulnerable iOS 4.x CDMA iPhone device (CVE-2011-0228)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY SSL MiTM Vulnerable iOS 4.x CDMA iPhone device (CVE-2011-0228)"; flow:established,to_server; threshold: type limit, count 1, seconds 600, track by_src; http.header; content:"Mozilla/5.0 |28|iPhone"; content:" OS 4_"; distance:0; content:!"OS 4_2_1 like"; pcre:"/OS 4_2_[0-9] like/"; reference:url,support.apple.com/kb/HT1222; reference:url,support.apple.com/kb/HT4825; reference:url,en.wikipedia.org/wiki/IOS_version_history; reference:url,github.com/jan0/isslfix; reference:cve,CVE-2011-0228; classtype:not-suspicious; sid:2013408; rev:8; metadata:created_at 2011_08_12, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_06_10;)

Aug 12, 2011, 12:00 PM

Jun 10, 2022, 12:00 PM

Sep 21, 2024, 3:00 AM

Nov 26, 2025, 10:34 PM

rules/emerging-policy.rules