Versions (5)
Version DetailsCurrent
Rev: 2 • Sep 21, 2021, 12:00 PMET EXPLOIT Cisco ASA XSS Attempt (CVE-2020-3580)
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Cisco ASA XSS Attempt (CVE-2020-3580)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/+CSCOE+/saml/sp/acs?tgname="; fast_pattern; http.request_body; content:"=|22|><"; reference:url,twitter.com/ptswarm/status/1408050644460650502; reference:cve,2020-3580; classtype:web-application-attack; sid:2033994; rev:2; metadata:affected_product Web_Server_Applications, attack_target Networking_Equipment, created_at 2021_09_21, cve CVE_2020_3580, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_09_21;)
Sep 21, 2021, 12:00 PM
Sep 21, 2021, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 8, 2025, 9:34 PM
rules/emerging-exploit.rules