Rule History

alert http $EXTERNAL_NET any -> any any (msg:"ET WEB_SERVER JAWS Webserver Unauthenticated Shell Command Execution"; flow:established,to_server; http.method; content:"GET"; http.uri.raw; content:"/shell?cd%20/tmp|3b|wget%20"; depth:24; fast_pattern; http.header.raw; content:"Mozilla/5.0%20(Windows|3b|%20U|3b|%20Windows%20NT"; reference:md5,a26f67a1d0a50af72c5fd9c94e9f5a1c; classtype:web-application-attack; sid:2029008; rev:3; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2019_11_20, deployment Perimeter, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_21;)