Rule History

SID: 2030093 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 2 • May 4, 2020, 12:00 PM

Message:

ET SCAN JAWS Webserver Unauthenticated Shell Command Execution

Rule:

alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN JAWS Webserver Unauthenticated Shell Command Execution"; flow:established,to_server; http.method; content:"GET"; http.uri.raw; content:"/shell?cd+/tmp|3b|rm+-rf+*|3b|wget+"; depth:29; fast_pattern; reference:md5,fea9e4132fc9d30bda5eb6b1d9d0b9b9; classtype:web-application-attack; sid:2030093; rev:2; metadata:affected_product Linux, attack_target Web_Server, created_at 2020_05_04, deployment Perimeter, confidence Low, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_05_04;)

Created:

May 4, 2020, 12:00 PM

Updated:

May 4, 2020, 12:00 PM

DB Created:

May 4, 2020, 12:00 PM

DB Updated:

Sep 18, 2025, 8:36 PM

Filename:

rules/emerging-scan.rules