Rule History

SID: 10013214 • Source: ptrules/open

Versions (6)

Version DetailsCurrent

Rev: 1 • Jul 24, 2025, 5:44 PM

Message:

ATTACK [PTsecurity] Apache Tomcat RCE (CVE-2025-24813)

Rule:

alert http any any -> any any (msg:"ATTACK [PTsecurity] Apache Tomcat RCE (CVE-2025-24813)"; flow:to_server, established; http.method; content:"PUT"; http.uri; content:"session"; endswith; http.header; content:"Content-Range|3a 20|bytes"; reference:cve, 2025-24813; reference:url, scrapco.de/blog/analysis-of-cve-2025-24813-apache-tomcat-path-equivalence-rce.html; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10013214; rev:1;)

Created:

Jul 24, 2025, 5:44 PM

Updated:

Jul 24, 2025, 5:44 PM

DB Created:

Oct 16, 2025, 10:34 AM

DB Updated:

Oct 16, 2025, 10:34 AM

Filename:

rules/ptopen-attacks.rules