Rule History

SID: 2025184 • Source: et/open

Versions (5)

Version DetailsCurrent

Rev: 4 • Jan 4, 2018, 12:00 PM

Message:

ET WEB_CLIENT Spectre Kernel Memory Leakage JavaScript (POC Based)

Rule:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Spectre Kernel Memory Leakage JavaScript (POC Based)"; flow:established,from_server; file_data; content:"<script"; content:"|3c 20|simpleByteArray.length|29|"; distance:0; content:"simpleByteArray|5b|"; within:50; content:"|2a 20|TABLE1_STRIDE|29 7c 30 29 20 26 20 28|TABLE1_BYTES-1|29|"; distance:0; fast_pattern; content:"|5e 3d 20|probeTable|5b|"; distance:0; content:"|7c 30 5d 7c 30 3b|"; distance:0; reference:cve,2017-5753; reference:cve,2017-5715; reference:url,spectreattack.com/spectre.pdf; classtype:attempted-user; sid:2025184; rev:4; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2018_01_04, cve CVE_2017_5753, deployment Perimeter, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_09_16, reviewed_at 2024_09_16;)

Created:

Jan 4, 2018, 12:00 PM

Updated:

Sep 16, 2024, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

Sep 29, 2025, 9:34 PM

Filename:

rules/emerging-web_client.rules