alert http $EXTERNAL_NET any -> any any (msg:"ET EXPLOIT Possible Telerik UI CVE-2019-18935 File Upload Attempt M1"; flow:to_server,established; http.method; content:"POST"; http.uri; content:"/Telerik.Web.UI.WebResource.axd"; fast_pattern; content:"type=rau"; nocase; distance:0; http.request_body; content:"rauPostData"; nocase; reference:url,github.com/noperator/CVE-2019-18935; reference:cve,2019-18935; classtype:web-application-attack; sid:2029761; rev:2; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2020_03_30, cve CVE_2019_18935, deployment Perimeter, confidence Medium, signature_severity Minor, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_11_10;)