Rule History

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_CLIENT [Volex] Possible ColdFusion Unauthenticated Upload Attempt (CVE-2018-15961)"; flow:to_server,established; http.method; content:"POST"; http.uri; content:"/upload.cfm?action=upload"; nocase; fast_pattern; endswith; reference:cve,2018-15961; reference:url,volexity.com/blog/2018/11/08/active-exploitation-of-newly-patched-coldfusion-vulnerability-cve-2018-15961/; classtype:attempted-user; sid:2026604; rev:3; metadata:affected_product Adobe_Coldfusion, attack_target Web_Server, created_at 2018_11_13, cve CVE_2018_15961, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag CVE_2018_15961, tag CISA_KEV, updated_at 2020_09_16;)