Versions (5)
Version Details (Current)
Rev: 5 • Aug 22, 2013, 12:00 PM
ET WEB_SERVER Coldfusion 9 Auth Bypass CVE-2013-0632
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Coldfusion 9 Auth Bypass CVE-2013-0632"; flow:to_server; http.method; content:"POST"; http.uri; content:"/adminapi/administrator.cfc?"; nocase; content:"method"; nocase; content:"login"; nocase; http.request_body; content:"rdsPasswordAllowed"; nocase; fast_pattern; pcre:"/rdsPasswordAllowed[\r\n\s]*?=[\r\n\s]*?(?:true|1)/i"; reference:url,www.exploit-db.com/exploits/27755/; reference:cve,2013-0632; classtype:attempted-user; sid:2017366; rev:5; metadata:created_at 2013_08_22, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_07_13;)
Aug 22, 2013, 12:00 PM
Jul 13, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
Dec 1, 2025, 11:34 PM
rules/emerging-web_server.rules