alert tcp any any -> any any (msg:"ET DOS Possible Apache Traffic Server HTTP2 Settings Flood Error Response (CVE-2019-9515)"; flow:established,to_client; content:"|00 00 00 04 01|"; depth:5; content:"|00 00 00 04 01|"; distance:4; within:5; content:"|00 00 00 04 01|"; distance:4; within:5; threshold:type threshold, track by_src, count 20, seconds 10; flowbits:isset,ET.CVE20199515; reference:cve,2019-9515; classtype:denial-of-service; sid:2034096; rev:3; metadata:attack_target Server, created_at 2021_10_04, cve CVE_2019_9515, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2024_06_23, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)