Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN OpenVASVT RCE Test String in HTTP Request Inbound"; flow:established,to_server; http.request_body; content:"T3BlblZBU1ZUIFJDRSBUZXN0"; threshold:type limit, track by_src, count 1, seconds 60; reference:url,github.com/greenbone/openvas-scanner/blob/622e205327ea374d1ccbb3b0e8dcb3fe5c1bb87d/nasl/nasl_http.c#L120; classtype:bad-unknown; sid:2033101; rev:3; metadata:attack_target Client_Endpoint, created_at 2021_06_07, deployment Perimeter, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_05_22;)