Rule History

SID: 2027442 • Source: et/open

Versions (4)

Version DetailsCurrent

Rev: 4 • Jun 7, 2019, 12:00 PM

Message:

ET EXPLOIT Possible Exim 4.87-4.91 RCE Attempt Inbound (CVE-2019-10149)

Rule:

alert smtp any any -> $SMTP_SERVERS any (msg:"ET EXPLOIT Possible Exim 4.87-4.91 RCE Attempt Inbound (CVE-2019-10149)"; flow:established,to_server; content:"RCPT|20|TO"; content:"|24 7b|run|7b|"; within:12; fast_pattern; content:"|7d 7d 40|"; distance:0; reference:url,www.qualys.com/2019/06/05/cve-2019-10149/return-wizard-rce-exim.txt; classtype:attempted-admin; sid:2027442; rev:4; metadata:attack_target SMTP_Server, created_at 2019_06_07, cve CVE_2019_10149, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2020_08_19;)

Created:

Jun 7, 2019, 12:00 PM

Updated:

Aug 19, 2020, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-exploit.rules