Versions (5)
Version DetailsCurrent
Rev: 2 • Dec 7, 2021, 12:00 PMET EXPLOIT Exiftool RCE Inbound (CVE-2021-22204)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Exiftool RCE Inbound (CVE-2021-22204)"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"ANTa|00 00|"; fast_pattern; pcre:"/[^\r\n]*\x5c(?:n|c)[^\r\n]{0,100}[\x60\x24]/Ri"; reference:url,blogs.blogs.blackberry.com/en/2021/06/from-fix-to-exploit-arbitrary-code-execution-for-cve-2021-22204-in-exiftool; classtype:attempted-admin; sid:2034626; rev:2; metadata:affected_product Linux, attack_target Client_Endpoint, created_at 2021_12_07, cve CVE_2021_22204, deployment Perimeter, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_03_09;)
Dec 7, 2021, 12:00 PM
Mar 9, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 8, 2025, 9:34 PM
rules/emerging-exploit.rules