Versions (4)
Version DetailsCurrent
Rev: 3 • Mar 13, 2017, 12:00 PMET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M3
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M3"; flow:to_server,established; http.header; content:"Content-Type|3a 20|%{(#"; nocase; fast_pattern; content:"multipart/form-data"; classtype:web-application-attack; sid:2024045; rev:3; metadata:affected_product Apache_Struts2, attack_target Web_Server, created_at 2017_03_13, deployment Datacenter, performance_impact Low, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2020_08_04;)
Mar 13, 2017, 12:00 PM
Aug 4, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-web_specific_apps.rules