Rule History

SID: 10000778 • Source: ptrules/open

Versions (6)

Version DetailsCurrent

Rev: 1 • Jul 24, 2025, 5:44 PM

Message:

ATTACK [PTsecurity] Nagios Core < 4.2.2 Curl Command Injection (CVE-2016-9565) Attempt

Rule:

alert http any any -> any any (msg: "ATTACK [PTsecurity] Nagios Core < 4.2.2 Curl Command Injection (CVE-2016-9565) Attempt"; flow: established, from_server; content: "302"; http_stat_code; content: "nagios"; http_header; flowbits: isset, CVE.2016-9565.RSSRequest; reference: url, legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html; reference: cve, 2016-9565; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10000778; rev: 1;)

Created:

Jul 24, 2025, 5:44 PM

Updated:

Jul 24, 2025, 5:44 PM

DB Created:

Oct 16, 2025, 10:34 AM

DB Updated:

Oct 16, 2025, 10:34 AM

Filename:

rules/ptopen-attacks.rules