Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER Possible SUPERMICRO IPMI close_window.cgi sess_sid Parameter Buffer Overflow Attempt CVE-2013-3623"; flow:established,to_server; http.method; content:"POST"; nocase; http.uri; content:"/cgi/close_window.cgi"; nocase; http.request_body; content:"sess_sid="; nocase; pcre:"/(?:^|[\n\&])sess_sid=(?:%\d{2}|[^%&]){21}/"; reference:cve,CVE-2013-3623; reference:url,community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities; classtype:attempted-admin; sid:2017686; rev:4; metadata:created_at 2013_11_07, confidence Low, signature_severity Major, updated_at 2022_07_13;)