Versions (4)
Version DetailsCurrent
Rev: 4 • Dec 16, 2015, 12:00 PMET EXPLOIT Joomla RCE M3 (Serialized PHP in XFF)
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Joomla RCE M3 (Serialized PHP in XFF)"; flow:established,to_server; http.header; content:"O|3a|"; fast_pattern; pcre:"/^X-Forwarded-For\x3a[^\r\n]*\bO\x3a\d+\x3a[^\r\n]*?\{[^\r\n]*?\}/mi"; reference:url,blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html; classtype:web-application-attack; sid:2022268; rev:4; metadata:created_at 2015_12_16, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_05;)
Dec 16, 2015, 12:00 PM
Oct 5, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 9, 2025, 9:35 PM
rules/emerging-exploit.rules