Versions (3)
Version DetailsCurrent
Rev: 2 • Mar 20, 2017, 12:00 PMET DELETED Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Length) M1
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DELETED Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Length) M1"; flow:to_server,established; content:"Content-Length|3a|"; nocase; content:"{"; content:"}"; content:"java|2e|"; nocase; content:"|2e|ognl"; fast_pattern:only; pcre:"/^Content-Length\x3a[^\r\n]*?\{(?=[^\r\n]*java\.)[^\r\n]*\.ognl[^\r\n]*\}/mi"; classtype:web-application-attack; sid:2024094; rev:2; metadata:affected_product Apache_Struts2, attack_target Web_Server, created_at 2017_03_20, deployment Datacenter, signature_severity Major, tag CISA_KEV, updated_at 2019_07_26;)
Mar 20, 2017, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-deleted.rules