Versions (6)
Version DetailsCurrent
Rev: 2 • Jul 24, 2025, 5:44 PMATTACK [PTsecurity] Likely Apache HTTP Server 2.4.49 Directory Traversal (CVE-2021-41773)
alert http any any -> any any (msg: "ATTACK [PTsecurity] Likely Apache HTTP Server 2.4.49 Directory Traversal (CVE-2021-41773)"; flow: established, to_server; content: "%2e/"; nocase; http_raw_uri; pcre: "/\/(\.|%2e)%2e\//Ii"; threshold: type limit, track by_src, count 1, seconds 60; reference: cve, 2021-41773; reference: url, twitter.com/lofi42/status/1445382059640434695; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10006811; rev: 2;)
Jul 24, 2025, 5:44 PM
Jul 24, 2025, 5:44 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-attacks.rules