Rule History

SID: 10001065 • Source: ptrules/open

Versions (6)

Version DetailsCurrent

Rev: 3 • Jul 24, 2025, 5:44 PM

Message:

ATTACK [PTsecurity] Apache Struts < 2.3.32 < 2.5.10.1 RCE through Jakarta Multipart parser Attempt

Rule:

alert http any any -> any any (msg: "ATTACK [PTsecurity] Apache Struts < 2.3.32 < 2.5.10.1 RCE through Jakarta Multipart parser Attempt"; flow: established, to_server; content: "%{"; fast_pattern; http_header; content: "multipart/form-data"; http_header; content: "#_memberAccess"; http_header; content: "@java"; http_header; reference: cve, 2017-5638; reference: url, paper.seebug.org/241/; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10001065; rev: 3;)

Created:

Jul 24, 2025, 5:44 PM

Updated:

Jul 24, 2025, 5:44 PM

DB Created:

Oct 16, 2025, 10:34 AM

DB Updated:

Oct 16, 2025, 10:34 AM

Filename:

rules/ptopen-attacks.rules