Rule History

SID: 2022793 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 5 • May 4, 2016, 12:00 PM

Message:

ET WEB_SERVER ImageMagick CVE-2016-3716 Move File Inbound (msl: + mvg)

Rule:

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ImageMagick CVE-2016-3716 Move File Inbound (msl: + mvg)"; flow:established,to_server; http.request_body; content:"viewbox|20|"; nocase; fast_pattern; content:"msl"; nocase; pcre:"/^\s*\x3a\s*[./]/Ri"; classtype:web-application-attack; sid:2022793; rev:5; metadata:created_at 2016_05_04, cve CVE_2016_3716, signature_severity Major, updated_at 2020_10_06;)

Created:

May 4, 2016, 12:00 PM

Updated:

Oct 6, 2020, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-web_server.rules