alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible EXPLODINGCAN IIS5.0/6.0 Exploit Attempt"; flow:to_server,established; urilen:1; http.method; content:"PROPFIND"; http.header; content:"Content-Length|3a 20|0|0d 0a|Host|3a 20|"; depth:25; content:"|0d 0a|If|3a 20|<http"; fast_pattern; classtype:trojan-activity; sid:2024222; rev:3; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2017_04_18, deployment Perimeter, confidence Medium, signature_severity Critical, tag possible_exploitation, updated_at 2020_08_05;)