Versions (3)
Version DetailsCurrent
Rev: 3 • Nov 20, 2023, 12:00 PMET EXPLOIT F5 BIG-IP - Successful Command Execution via util/bash
alert http $HOME_NET any -> any any (msg:"ET EXPLOIT F5 BIG-IP - Successful Command Execution via util/bash"; flow:established,to_client; flowbits:isset,ET.BIGIP.Bash; http.stat_code; content:"200"; http.response_body; content:"|22|command|22|"; content:"|22|utilCmdArgs|22|"; fast_pattern; classtype:successful-admin; sid:2049260; rev:3; metadata:affected_product F5, attack_target Networking_Equipment, created_at 2023_11_20, deployment Perimeter, deployment SSLDecrypt, former_category INFO, performance_impact Low, confidence High, signature_severity Major, updated_at 2026_01_20; target:src_ip;)
Nov 20, 2023, 12:00 PM
Jan 20, 2026, 12:00 PM
Nov 20, 2023, 11:00 PM
Jan 20, 2026, 9:34 PM
rules/emerging-exploit.rules