Rule History

SID: 10004698 • Source: ptrules/open

Versions (6)

Version DetailsCurrent

Rev: 1 • Jul 24, 2025, 5:44 PM

Message:

ATTACK [PTsecurity] Possible Apache Axis RCE via SSRF (CVE-2019-0227)

Rule:

alert http any any -> any any (msg:"ATTACK [PTsecurity] Possible Apache Axis RCE via SSRF (CVE-2019-0227)"; flow:established, to_client; content:"30"; http_stat_code; content:"Location:"; http_header; content:"method"; distance:0; http_header; pcre:"/(!|%21)(-|%2D|)+(>|%3E)/RHi"; content:"deployment"; distance:0; http_header; reference:cve, 2019-0227; reference:url, rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10004698; rev:1;)

Created:

Jul 24, 2025, 5:44 PM

Updated:

Jul 24, 2025, 5:44 PM

DB Created:

Oct 16, 2025, 10:34 AM

DB Updated:

Oct 16, 2025, 10:34 AM

Filename:

rules/ptopen-attacks.rules