alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ColdFusion password.properties access"; flow:established,to_server; http.method; content:"GET"; nocase; http.uri; content:"password.properties"; nocase; reference:url,cxsecurity.com/issue/WLB-2013050065; classtype:web-application-attack; sid:2016836; rev:4; metadata:created_at 2013_05_08, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_24;)