Rule History

alert http any any -> any any (msg: "ATTACK [PTsecurity] Cookieless string in ASP.NET (CVE-2023-36899)"; flow: established, to_server; http.uri; content: "/("; fast_pattern; content: "))"; distance: 0; pcre: "/\/\([A-Z]\(.*?\)\).*?\)\)/"; reference: url, soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899; reference: cve, 2023-36899; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10009357; rev: 3;)