Versions (3)
Version DetailsCurrent
Rev: 4 • Feb 12, 2014, 12:00 PMET WEB_SERVER Apache Tomcat Boundary Overflow DOS/File Upload Attempt
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Apache Tomcat Boundary Overflow DOS/File Upload Attempt"; flow:established,to_server; http.method; content:"POST"; content:"Content-Type|3a|"; nocase; pcre:"/^[^\r\n]*?boundary\s*?=\s*?[^\r\n]/Ri"; isdataat:4091,relative; content:!"|0A|"; within:4091; http.header; content:"multipart/form-data"; fast_pattern; reference:url,blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html; reference:cve,2014-0050; classtype:web-application-attack; sid:2018113; rev:4; metadata:created_at 2014_02_12, cve CVE_2014_0050, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_22;)
Feb 12, 2014, 12:00 PM
Sep 22, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Nov 3, 2025, 10:34 PM
rules/emerging-web_server.rules