Rule History

alert http any any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 15"; flow:established,to_server; http.request_body; content:"n%61%6d%65["; nocase; fast_pattern; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])n\%61\%6d\%65\[[^\x5d]*?\W/i"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019436; rev:4; metadata:created_at 2014_10_16, cve CVE_2014_3704, confidence Medium, signature_severity Major, updated_at 2020_09_25;)