alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS D-Tale Filter Query Command Injection Attempt (CVE-2025-0655)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/dtale/test-filter/"; startswith; fast_pattern; content:"|3f|query|3d|"; within:50; content:"|40|pd.core.frame.com.builtins.__import__|28 27|os|27 29|.system|28 27|"; within:150; reference:url,github.com/rapid7/metasploit-framework/pull/19899; reference:cve,2024-3408; reference:cve,2025-0655; classtype:attempted-admin; sid:2060720; rev:1; metadata:affected_product D_Tale, attack_target Server, tls_state plaintext, created_at 2025_03_10, cve CVE_2025_0655, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, updated_at 2025_03_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)