Versions (6)
Version DetailsCurrent
Rev: 7 • Jul 24, 2025, 5:44 PMATTACK [PTsecurity] Possible Mikrotik Router OS 6.38.4 Stack Clash RCE
alert http any any -> any any (msg:"ATTACK [PTsecurity] Possible Mikrotik Router OS 6.38.4 Stack Clash RCE"; flow:established, to_server; content:"POST"; http_method; content:"/jsproxy"; http_uri; fast_pattern; content:"Content-Length: "; http_header; content:!"|0D|"; within:6; http_header; byte_test:0, =, 167936, 0, relative, string; reference:url, github.com/BigNerd95/Chimay-Red/blob/master/StackClash_x86.py; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10002459; rev:7;)
Jul 24, 2025, 5:44 PM
Jul 24, 2025, 5:44 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-attacks.rules