alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER IIS ASP.net Auth Bypass / Canonicalization"; flow:to_server,established; content:"GET"; nocase; http_method; content:"|5C|"; http_uri; content:".aspx"; within:100; nocase; http_uri; reference:cve,CVE-2004-0847; classtype:web-application-attack; sid:2001342; rev:26; metadata:created_at 2010_07_30, signature_severity Unknown, updated_at 2020_08_20;)