Versions (5)
Version DetailsCurrent
Rev: 7 • Mar 25, 2014, 12:00 PMET EXPLOIT Possible CVE-2014-1761 Inbound SMTP 3
alert tcp $EXTERNAL_NET any -> $HOME_NET [25,587] (msg:"ET EXPLOIT Possible CVE-2014-1761 Inbound SMTP 3"; flow:from_client,established; content:"cbGlzdG92ZXJyaWRlY291bn"; isdataat:2,relative; pcre:"/^\s*/Rs"; content:!"Qx"; within:2; content:!"Q5"; within:2; content:!"Qw"; within:2; reference:cve,2014-1761; reference:url,blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx; classtype:attempted-user; sid:2018309; rev:7; metadata:created_at 2014_03_25, deprecation_reason Age, confidence Low, signature_severity Major, tag CISA_KEV, updated_at 2023_01_19;)
Mar 25, 2014, 12:00 PM
Jan 19, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit.rules