alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT DRIVEBY NeoSploit - Java Exploit Requested"; flow:established,to_server; urilen:>89; http.uri; content:".jar"; fast_pattern; endswith; pcre:"/^\/[a-f0-9]{24}\/[a-f0-9]{24}\/[a-f0-9]{24}\/[0-9]{7,8}\/.*\.jar$/"; http.user_agent; content:"Java/1"; classtype:exploit-kit; sid:2015689; rev:4; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2012_09_11, deployment Perimeter, signature_severity Major, tag DriveBy, updated_at 2024_03_03;)