Rule History

SID: 2017146 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 4 • Jul 13, 2013, 12:00 PM

Message:

ET WEB_SERVER HTTP Request Smuggling Attempt - Double Content-Length Headers

Rule:

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER HTTP Request Smuggling Attempt - Double Content-Length Headers"; flow:established,to_server; http.header.raw; content:"Content-Length|3a 20|"; fast_pattern; content:"Content-Length|3a 20|"; within:100; reference:url,www.owasp.org/index.php/HTTP_Request_Smuggling; classtype:web-application-attack; sid:2017146; rev:4; metadata:created_at 2013_07_13, deprecation_reason Performance, performance_impact Significant, signature_severity Major, updated_at 2024_02_20;)

Created:

Jul 13, 2013, 12:00 PM

Updated:

Feb 20, 2024, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-web_server.rules