ET HUNTING .exec in HTTP Header Inbound - Possible Exploit Activity - Suricata Rule 2033407 (et/open)

ET HUNTING .exec in HTTP Header Inbound - Possible Exploit Activity

SID: 2033407Rev: 20 viewsHistory

Sourceet/open

CreatedJuly 24, 2021

UpdatedJuly 24, 2021

Classificationbad-unknown

alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET HUNTING .exec in HTTP Header Inbound - Possible Exploit Activity"; flow:established,to_server; http.header; content:".exec|28|"; fast_pattern; classtype:bad-unknown; sid:2033407; rev:2; metadata:created_at 2021_07_24, confidence Medium, signature_severity Major, tag possible_exploitation, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_07_24;)

Metadata

created at2021_07_24

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2021_07_24

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!