Versions (3)
Version DetailsCurrent
Rev: 9 • May 4, 2012, 12:00 PMET DELETED PHP-CGI query string parameter vulnerability
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED PHP-CGI query string parameter vulnerability"; flow:to_server,established; http.uri; content:"?"; content:"-"; fast_pattern; distance:0; pcre:"/(?:\/(?:php)?|\.php)\?[\s\+]*\-[A-Za-z]/i"; http.uri.raw; content:!"="; reference:cve,2012-1823; reference:url,eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/; reference:url,varanoid.com/research-alerts/us-cert/vu520827-php-cgi-query-string-parameter-vulnerability/; classtype:web-application-attack; sid:2014704; rev:9; metadata:created_at 2012_05_04, signature_severity Unknown, updated_at 2022_06_10;)
May 4, 2012, 12:00 PM
Jun 10, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-deleted.rules