ET HUNTING Possible UPnP UUID Overflow Exploit Attempt from Internal Host - NOTIFY - Suricata Rule 2034498 (et/open)

ET HUNTING Possible UPnP UUID Overflow Exploit Attempt from Internal Host - NOTIFY

SID: 2034498Rev: 10 viewsHistory

Sourceet/open

CreatedNovember 18, 2021

UpdatedNovember 18, 2021

Classificationunknown

alert http [$HOME_NET,$HTTP_SERVERS] any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET HUNTING Possible UPnP UUID Overflow Exploit Attempt from Internal Host - NOTIFY"; flow:established,to_server; http.method; content:"NOTIFY"; http.header; content:"UUID|3a 20|"; fast_pattern; pcre:"/^[^\r\n]{100,}/R"; classtype:unknown; sid:2034498; rev:1; metadata:created_at 2021_11_18, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_11_18;)

Metadata

created at2021_11_18

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2021_11_18

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!