alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER Generic Web Server Hashing Collision Attack"; flow:established,to_server; http.content_type; content:"application|2f|x-www-form-urlencoded"; nocase; startswith; http.request_body; pcre:"/([^=]+=[^&]*&){500}/O"; reference:cve,2011-3414; reference:url,events.ccc.de/congress/2011/Fahrplan/events/4680.en.html; reference:url,technet.microsoft.com/en-us/security/advisory/2659883; reference:url,blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx; classtype:attempted-dos; sid:2014045; rev:4; metadata:created_at 2011_12_30, performance_impact Significant, confidence Medium, signature_severity Minor, updated_at 2024_02_08;)