ET HUNTING HTTP Request Body Longer Than Content-Length Specifies - Investigate Possible Overflow Activity - Suricata Rule 2069477 (et/open)

ET HUNTING HTTP Request Body Longer Than Content-Length Specifies - Investigate Possible Overflow Activity

SID: 2069477Rev: 12 views

Sourceet/open

CreatedMay 28, 2026

UpdatedMay 28, 2026

Classificationmisc-activity

alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET HUNTING HTTP Request Body Longer Than Content-Length Specifies - Investigate Possible Overflow Activity"; flow:established,to_server; http.method; pcre:"/^(?:GE|POS)T/"; http.content_len; byte_extract:0,0,cn_len,relative,string,dec; http.request_body; byte_jump:0,cn_len,relative; isdataat:1,relative; classtype:misc-activity; sid:2069477; rev:1; metadata:attack_target Server, created_at 2026_05_28, deployment Perimeter, deployment Internal, performance_impact Significant, confidence High, signature_severity Major, tag Exploit, updated_at 2026_05_28, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

Metadata

attack targetServer

created at2026_05_28

deploymentInternal

performance impactSignificant

confidenceHigh

signature severityMajor

tagExploit

updated at2026_05_28

mitre tactic idTA0001

mitre tactic nameInitial_Access

mitre technique idT1190

mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!