Versions (2)
Version Details
Current
Rev: 2 • Jan 23, 2026, 12:00 PM
ET WEB_SERVER GNU InetUtils Authentication Bypass via USER Environment Variable (CVE-2026-24061)
alert tcp any any -> $HOME_NET [23,2323] (msg:"ET WEB_SERVER GNU InetUtils Authentication Bypass via USER Environment Variable (CVE-2026-24061)"; flow:established,to_server; content:"|ff fa 27 00 00|USER|01|"; fast_pattern; content:"-f"; distance:0; pcre:"/^\s+[\w-]+\xff\xf0/Ri"; reference:url,seclists.org/oss-sec/2026/q1/89; reference:cve,2026-24061; classtype:attempted-admin; sid:2067186; rev:2; metadata:attack_target Client_and_Server, created_at 2026_01_23, cve CVE_2026_24061, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2026_01_30, former_sid 2865814; target:dest_ip;)
Jan 23, 2026, 12:00 PM
Jan 30, 2026, 12:00 PM
Jan 29, 2026, 10:34 PM
Jan 30, 2026, 9:34 PM
rules/emerging-web_server.rules