Rule History

alert http any any -> any any (msg:"ET EXPLOIT Possible SolarWinds Orion API Local File Disclosure (web.config) (CVE-2020-10148)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/web.config.i18n.ashx?"; nocase; fast_pattern; reference:url,gist.github.com/0xsha/75616ef6f24067c4fb5b320c5dfa4965; reference:url,kb.cert.org/vuls/id/843464; reference:cve,2020-10148; classtype:web-application-attack; sid:2031459; rev:2; metadata:affected_product Web_Server_Applications, attack_target Client_Endpoint, created_at 2020_12_29, cve CVE_2020_10148, deployment Perimeter, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2021_09_09;)