alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Apache Pinot Authentication Bypass (CVE-2024-56325)"; flow:established,to_server; http.uri; content:"|3b 2e|"; fast_pattern; endswith; http.header_names; content:!"Referer|0d 0a|"; reference:url,github.com/advisories/GHSA-6jwp-4wvj-6597; reference:cve,2024-56325; classtype:web-application-attack; sid:2061305; rev:2; metadata:affected_product Apache_Pinot, attack_target Server, created_at 2025_04_04, cve CVE_2024_56325, deployment Perimeter, deployment Internal, performance_impact Significant, confidence Medium, signature_severity Major, tag Exploit, updated_at 2025_04_07, reviewed_at 2025_08_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)