alert tcp any any -> any any (msg:"ET DOS Possible Apache Traffic Server HTTP2 Settings Flood Denial of Service Inbound (CVE-2019-9515)"; flow:established,to_server; content:"|04|"; offset:3; depth:1; byte_jump:3,0, post_offset 9; content:"|04|"; within:1; byte_jump:3,0, post_offset 9; content:"|04|"; within:1; byte_jump:3,0, post_offset 9; content:"|04|"; within:1; threshold:type threshold, track by_dst, count 20, seconds 10; flowbits:isset,ET.http2; flowbits:set,ET.CVE20199515; flowbits:noalert; reference:cve,2019-9515; classtype:denial-of-service; sid:2034095; rev:3; metadata:attack_target Server, created_at 2021_10_04, cve CVE_2019_9515, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2024_06_23, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)