Versions (6)
Version DetailsCurrent
Rev: 3 • Jul 8, 2020, 12:00 PMET EXPLOIT F5 TMUI RCE vulnerability CVE-2020-5902 Attempt M2
alert http any any -> any any (msg:"ET EXPLOIT F5 TMUI RCE vulnerability CVE-2020-5902 Attempt M2"; flow:established,to_server; http.uri; content:"/hsqldb"; depth:7; fast_pattern; content:"|3b|"; distance:0; reference:cve,2020-5902; reference:url,www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/; reference:url,support.f5.com/csp/article/K52145254; classtype:attempted-admin; sid:2030483; rev:3; metadata:affected_product F5, attack_target Networking_Equipment, tls_state TLSDecrypt, created_at 2020_07_08, cve CVE_2020_5902, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Critical, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_03_25; target:dest_ip;)
Jul 8, 2020, 12:00 PM
Mar 25, 2025, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 17, 2025, 9:34 PM
rules/emerging-exploit.rules