Rule History

SID: 10000758 • Source: ptrules/open

Versions (6)

Version DetailsCurrent

Rev: 1 • Jul 24, 2025, 5:44 PM

Message:

ATTACK [PTsecurity] iOS 10.1.x Remote memory corruption through certificate file Attempt

Rule:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ATTACK [PTsecurity] iOS 10.1.x Remote memory corruption through certificate file Attempt"; flow:established, from_server; content:"-----BEGIN CERTIFICATE-----"; depth:27; http_server_body; content:"YIKwYBBQUHMAKGgw"; distance:0; http_server_body; reference:url, cxsecurity.com/issue/WLB-2016110046; reference:url, rules.ptsecurity.com; classtype:attempted-dos; sid:10000758; rev:1;)

Created:

Jul 24, 2025, 5:44 PM

Updated:

Jul 24, 2025, 5:44 PM

DB Created:

Oct 16, 2025, 10:34 AM

DB Updated:

Oct 16, 2025, 10:34 AM

Filename:

rules/ptopen-attacks.rules