Rule History

alert http any any -> any any (msg: "ATTACK [PTsecurity] Confluence <6.14.2,6.13.3,6.12.3 Unauthorized RCE (CVE-2019-3396)"; flow: established, to_server; content: "/rest/tinymce/"; http_uri; content: "/macro/preview"; http_uri; distance: 0; content: "contentId"; http_client_body; content: "_template"; http_client_body; content: "url"; http_client_body; reference: url, paper.seebug.org/886; reference: cve, 2019-3396; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10004699; rev: 1;)