Rule History

alert http any any -> any any (msg: "ATTACK [PTsecurity] Apache Portals Pluto 3.0.0 RCE (CVE-2018-1306)"; flow: established, to_server; content: "HEAD"; http_method; content: "/pluto/portal/File Upload"; http_uri; depth: 25; content: "<%"; http_client_body; content: ".jsp"; http_client_body; reference: cve, 2018-1306; reference: url, packetstormsecurity.com/files/149366/apacheportalspluto300-exec.txt; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10003786; rev: 1;)