alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible F5 BIG-IP AJP Request Smuggling Attempt (CVE-2023-46747)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/tmui"; http.header; content:"Transfer-Encoding|3a 20|chunked, chunked"; fast_pattern; reference:url,www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/; reference:cve,2023-46747; classtype:web-application-attack; sid:2048925; rev:1; metadata:affected_product F5, attack_target Networking_Equipment, created_at 2023_10_27, cve CVE_2023_46747, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence Low, signature_severity Major, tag CISA_KEV, updated_at 2023_10_27, reviewed_at 2024_10_02; target:dest_ip;)