Versions (3)
Version DetailsCurrent
Rev: 1 • Oct 3, 2023, 12:00 PMET EXPLOIT Suspected Exim External Auth Overflow (CVE-2023-4115) set
alert smtp $HOME_NET any -> any any (msg:"ET EXPLOIT Suspected Exim External Auth Overflow (CVE-2023-4115) set"; flow:established; flowbits:set,ET.eximsmtp; flowbits:noalert; content:"ESMTP Exim|20|"; fast_pattern; reference:url,www.zerodayinitiative.com/advisories/ZDI-23-1469/; reference:url,labs.watchtowr.com/exim-0days-90s-vulns-in-90s-software/; reference:cve,2023-4115; classtype:attempted-admin; sid:2048389; rev:1; metadata:attack_target SMTP_Server, created_at 2023_10_03, cve CVE_2023_4115, deployment Perimeter, deployment SSLDecrypt, performance_impact Significant, confidence Low, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_10_03, reviewed_at 2023_10_03; target:src_ip;)
Oct 3, 2023, 12:00 PM
Oct 3, 2023, 12:00 PM
Oct 4, 2023, 10:00 PM
Aug 19, 2025, 9:35 PM
rules/emerging-exploit.rules