alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Jenkins Script Console Usage (Metasploit Unix Shell)"; flow:to_server,established; http.method; content:"POST"; nocase; http.uri; content:"/script"; nocase; pcre:"/^\/?$/R"; http.request_body; content:"sun.misc.BASE64Decoder"; nocase; content:".decodeBuffer"; nocase; content:"/bin/sh"; fast_pattern; classtype:attempted-user; sid:2016296; rev:8; metadata:affected_product Any, attack_target Client_and_Server, created_at 2013_01_25, deployment Perimeter, deployment Internet, deployment Internal, deployment Datacenter, signature_severity Critical, tag Metasploit, updated_at 2020_04_23;)