Versions (3)
Version DetailsCurrent
Rev: 5 • Jul 4, 2012, 12:00 PMET WEB_SERVER IIS 8.3 Filename With Wildcard (Possible File/Dir Bruteforce)
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER IIS 8.3 Filename With Wildcard (Possible File/Dir Bruteforce)"; flow:established,to_server; http.uri; content:"~1"; fast_pattern; pcre:"/([\*\?]~1|~1\.?[\*\?]|\/~1\/)/"; reference:url,soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf; classtype:network-scan; sid:2015023; rev:5; metadata:created_at 2012_07_04, confidence Medium, signature_severity Minor, updated_at 2020_09_17;)
Jul 4, 2012, 12:00 PM
Sep 17, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-web_server.rules