Rule History

SID: 10004555 • Source: ptrules/open

Versions (7)

Version DetailsCurrent

Rev: 4 • Jul 24, 2025, 5:44 PM

Message:

ATTACK [PTsecurity] Arbitrary PHP RCE in Drupal 8 < 8.5.11,8.6.10 (CVE-2019-6340)

Rule:

alert http any any -> any any (msg:"ATTACK [PTsecurity] Arbitrary PHP RCE in Drupal 8 < 8.5.11,8.6.10 (CVE-2019-6340)"; flow:established, to_server; content:"GET"; http_method; content:"hal_json"; http_uri; content:"link"; http.request_body; content:"options"; distance:0; content:"O:"; distance:0; pcre:"/\x22options\x22\s*:\s*\x22O:\d+:/P"; reference:cve, 2019-6340; reference:url, www.ambionics.io/blog/drupal8-rce; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10004555; rev:4;)

Created:

Jul 24, 2025, 5:44 PM

Updated:

Jul 24, 2025, 5:44 PM

DB Created:

Oct 16, 2025, 10:34 AM

DB Updated:

Oct 16, 2025, 10:34 AM

Filename:

rules/ptopen-attacks.rules