alert http $HOME_NET any -> any any (msg:"ET INFO Selenium Server Grid Chrome 3.141.59 - Vulnerable Version Detected"; flow:established,to_client; http.stat_code; content:"200"; http.server; content:"Jetty"; startswith; file.data; content:"|3c|h2|3e|Selenium"; content:"|22|version|22 3a 20 22|3|2e|141|2e|59|22|"; fast_pattern; reference:url,github.com/BoredHackerBlog/selenium_code_exec_notes; classtype:attempted-recon; sid:2052360; rev:1; metadata:attack_target Web_Server, tls_state TLSDecrypt, created_at 2024_05_02, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_05_02; target:src_ip;)