Rule History

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Plone and Zope cmd Parameter Remote Command Execution Attempt"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/xmltools/minidom/xml/sax/saxutils/os/popen2?"; nocase; content:"cmd="; nocase; pcre:"/cmd=\w/i"; reference:url,exploit-db.com/exploits/18262; classtype:web-application-attack; sid:2014068; rev:6; metadata:created_at 2012_01_02, signature_severity Major, updated_at 2020_04_22;)