Versions (4)
Version DetailsCurrent
Rev: 8 • May 23, 2013, 12:00 PMET WEB_SERVER Possible NGINX Overflow CVE-2013-2028 Exploit Specific
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible NGINX Overflow CVE-2013-2028 Exploit Specific"; flow:established,to_server; pcre:"/^[\r\n\s]*?[^\r\n]+HTTP\/1\.\d[^\r\n]*?\r?\n((?!(\r?\n\r?\n)).)*?Transfer-Encoding\x3a[^\r\n]*?Chunked((?!(\r?\n\r?\n)).)*?\r?\n\r?\n[\r\n\s]*?(f{6}[8-9a-f][0-9a-f]|[a-f0-9]{9})/si"; http.header; content:"chunked"; nocase; fast_pattern; pcre:"/Transfer-Encoding\x3a[^\r\n]*?chunked/i"; reference:url,www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/; reference:url,github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nginx_chunked_size.rb; classtype:attempted-admin; sid:2016918; rev:8; metadata:created_at 2013_05_23, confidence Medium, signature_severity Major, updated_at 2020_09_18;)May 23, 2013, 12:00 PM
Sep 18, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-web_server.rules