Rule History

SID: 10014001 • Source: ptrules/open

Versions (6)

Version DetailsCurrent

Rev: 1 • Jul 24, 2025, 5:44 PM

Message:

ATTACK [PTsecurity] Roundcube RCE (CVE-2025-49113)

Rule:

alert http any any -> any any (msg: "ATTACK [PTsecurity] Roundcube RCE (CVE-2025-49113)"; flow: established, to_server; http.uri; content: "_uploadid="; nocase; content: "_from="; nocase; http.request_body; content: "filename="; nocase; content: "O|3a|16|3a|"; nocase; distance: 0; content: "Crypt_GPG_Engine"; nocase; distance: 0; content: "_gpgconf"; nocase; distance: 0; reference: cve, 2025-49113; reference: url, fearsoff.org/research/roundcube; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10014001; rev: 1;)

Created:

Jul 24, 2025, 5:44 PM

Updated:

Jul 24, 2025, 5:44 PM

DB Created:

Oct 16, 2025, 10:34 AM

DB Updated:

Oct 16, 2025, 10:34 AM

Filename:

rules/ptopen-attacks.rules