Versions (5)
Version DetailsCurrent
Rev: 3 • Sep 30, 2019, 12:00 PMET EXPLOIT Possible EXIM DoS (CVE-2019-16928)
alert smtp any any -> $SMTP_SERVERS any (msg:"ET EXPLOIT Possible EXIM DoS (CVE-2019-16928)"; flow:established,to_server; content:"EHLO "; depth:5; isdataat:5000,relative; content:!"|0a|"; within:500; reference:cve,2019-16928; reference:url,bugs.exim.org/show_bug.cgi?id=2449; reference:url,git.exim.org/exim.git/patch/478effbfd9c3cc5a627fc671d4bf94d13670d65f; classtype:attempted-admin; sid:2028636; rev:3; metadata:attack_target SMTP_Server, created_at 2019_09_30, cve CVE_2019_16928, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Critical, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_01;)
Sep 30, 2019, 12:00 PM
Oct 1, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 22, 2025, 9:34 PM
rules/emerging-exploit.rules