Rule History

SID: 2022849 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 4 • Jun 1, 2016, 12:00 PM

Message:

ET WEB_SERVER Possible CVE-2016-5118 Exploit MVG attempt M2

Rule:

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible CVE-2016-5118 Exploit MVG attempt M2"; flow:established,to_server; http.request_body; content:"viewbox|20|"; nocase; fast_pattern; content:"|20 22 7c|"; nocase; reference:url,seclists.org/oss-sec/2016/q2/432; reference:cve,2016-5118; classtype:trojan-activity; sid:2022849; rev:4; metadata:created_at 2016_06_01, cve CVE_2016_5118, confidence Medium, signature_severity Major, updated_at 2020_10_06;)

Created:

Jun 1, 2016, 12:00 PM

Updated:

Oct 6, 2020, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-web_server.rules