alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED PHP-CGI query string parameter vulnerability"; flow:to_server,established; http.uri; content:"?"; content:"-"; fast_pattern; distance:0; pcre:"/(?:\/(?:php)?|\.php)\?[\s\+]*\-[A-Za-z]/i"; http.uri.raw; content:!"="; reference:cve,2012-1823; reference:url,eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/; reference:url,varanoid.com/research-alerts/us-cert/vu520827-php-cgi-query-string-parameter-vulnerability/; classtype:web-application-attack; sid:2014704; rev:9; metadata:created_at 2012_05_04, signature_severity Unknown, updated_at 2022_06_10;)