Versions (4)
Version DetailsCurrent
Rev: 4 • Dec 30, 2011, 12:00 PMET WEB_SERVER Generic Web Server Hashing Collision Attack 2
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER Generic Web Server Hashing Collision Attack 2"; flow:established,to_server; http.content_type; content:"multipart/form-data"; nocase; startswith; http.request_body; pcre:"/(\r\nContent-Disposition\x3a\s+form-data\x3b[^\r\n]+\r\n\r\n.+?){250}/Osmi"; reference:cve,2011-3414; reference:url,events.ccc.de/congress/2011/Fahrplan/events/4680.en.html; reference:url,technet.microsoft.com/en-us/security/advisory/2659883; reference:url,blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx; classtype:attempted-dos; sid:2014046; rev:4; metadata:created_at 2011_12_30, performance_impact Significant, confidence Medium, signature_severity Minor, updated_at 2024_02_08;)
Dec 30, 2011, 12:00 PM
Feb 8, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-web_server.rules