Rule History

alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS PaperCut NG/MF Possible Directory Traversal/File Upload Exploit Attempt (CVE-2023-39143)"; flow: established,to_server; http.uri.raw; content:"/custom-report-example/"; fast_pattern; startswith; content:"|2e 2e 5c|"; distance:0; threshold:type limit, count 1, seconds 300, track by_src; reference:url,www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/; reference:cve,2023-39143; classtype:attempted-admin; sid:2047631; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, created_at 2023_08_11, cve CVE_2023_39143, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, reviewed_at 2024_10_01, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)