Rule History

alert http any any -> any any (msg: "ATTACK [PTsecurity] Safari 10.0.3 UAF RCE (CVE-2017-2491)"; flow: established, from_server; file_data; content: "RegExp"; content: ".repeat"; within: 25; content: ".repeat"; within: 50; content: ".repeat"; within: 50; content: "ArrayBuffer"; within: 100; content: "Uint8Array"; within: 50; content: "Float64Array"; within: 50; content: "jsCellHeader"; distance: 0; content: "butterfly"; distance: 0; reference: cve, 2017-2491; reference: url, github.com/phoenhex/files/blob/master/exploits/cachedcall-uaf.html; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10001322; rev: 2;)