alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS PRTG Network Monitor Information Disclosure Attempt (CVE-2020-11547)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/public/login.htm?type="; startswith; fast_pattern; pcre:"/^(?:version|cpuload|dnsname|serverhttpurl|windowsversion|systemid|treestat|memory|requests|screenshot|lastsync|probes|warnings)$/Ri"; reference:url,github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-11547.yaml; reference:cve,2020-11547; classtype:successful-recon-limited; sid:2056354; rev:1; metadata:affected_product Paessler_PRTG, attack_target Web_Server, tls_state TLSDecrypt, created_at 2024_09_30, cve CVE_2020_11547, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Minor, updated_at 2024_09_30, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1082, mitre_technique_name System_Information_Discovery; target:dest_ip;)