Rule History

alert http any any -> any any (msg:"ET EXPLOIT F5 TMUI RCE vulnerability CVE-2020-5902 Attempt M1"; flow:established,to_server; http.uri; content:"/tmui/login.jsp"; depth:15; fast_pattern; content:"|3b|"; distance:0; reference:cve,2020-5902; reference:url,support.f5.com/csp/article/K52145254; classtype:attempted-admin; sid:2030469; rev:6; metadata:affected_product F5, attack_target Networking_Equipment, tls_state TLSDecrypt, created_at 2020_07_05, cve CVE_2020_5902, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Critical, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_03_25; target:dest_ip;)