ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (linux style)

SID: 2002034Rev: 120 views
History
Sourceet/open
CreatedJuly 30, 2010
UpdatedJuly 26, 2019
Classificationsuccessful-recon-limited
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (linux style)"; flow:established,from_server; file_data; content:"root|3a|x|3a|0|3a|0|3a|root|3a|/root|3a|/"; nocase; classtype:successful-recon-limited; sid:2002034; rev:12; metadata:created_at 2010_07_30, confidence Medium, signature_severity Unknown, updated_at 2019_07_26;)

Metadata

created at2010_07_30
confidenceMedium
signature severityUnknown
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!