Versions (4)
Version DetailsCurrent
Rev: 3 • Oct 4, 2021, 12:00 PMET DOS Possible Apache Traffic Server HTTP2 Settings Flood Denial of Service Inbound (CVE-2019-9515)
alert tcp any any -> any any (msg:"ET DOS Possible Apache Traffic Server HTTP2 Settings Flood Denial of Service Inbound (CVE-2019-9515)"; flow:established,to_server; content:"|04|"; offset:3; depth:1; byte_jump:3,0, post_offset 9; content:"|04|"; within:1; byte_jump:3,0, post_offset 9; content:"|04|"; within:1; byte_jump:3,0, post_offset 9; content:"|04|"; within:1; threshold:type threshold, track by_dst, count 20, seconds 10; flowbits:isset,ET.http2; flowbits:set,ET.CVE20199515; flowbits:noalert; reference:cve,2019-9515; classtype:denial-of-service; sid:2034095; rev:3; metadata:attack_target Server, created_at 2021_10_04, cve CVE_2019_9515, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2024_06_23, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Oct 4, 2021, 12:00 PM
Jun 23, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-dos.rules