Rule History

SID: 2066622 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 2 • Jan 8, 2026, 12:00 PM

Message:

ET EXPLOIT Roundcube XSS via SVG Animate Attributes (CVE-2024-37383)

Rule:

alert smtp any any -> [$HOME_NET,$SMTP_SERVERS] any (msg:"ET EXPLOIT Roundcube XSS via SVG Animate Attributes (CVE-2024-37383)"; flow:established,to_server; content:"|3c|animate|20|"; content:"attributename|3d 22|href|20 22|"; fast_pattern; nocase; distance:0; content:"values|3d 22|"; nocase; pcre:"/^[^\x22]*?javascript\x3a/Ri"; reference:url,global.ptsecurity.com/en/research/pt-esc-threat-intelligence/fake-attachment-roundcube-mail-server-attacks-exploit-cve-2024-37383-vulnerability/; reference:cve,2024-37383; classtype:misc-attack; sid:2066622; rev:2; metadata:affected_product Roundcube, attack_target SMTP_Server, created_at 2026_01_08, cve CVE_2024_37383, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, updated_at 2026_02_04, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

Created:

Jan 8, 2026, 12:00 PM

Updated:

Feb 4, 2026, 12:00 PM

DB Created:

Jan 8, 2026, 10:34 PM

DB Updated:

Feb 4, 2026, 10:34 PM

Filename:

rules/emerging-exploit.rules