alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"GPL EXPLOIT Tomcat server exploit access"; flow:to_server,established; content:"/contextAdmin/contextAdmin.html"; nocase; http_uri; reference:bugtraq,1548; reference:cve,2000-0672; reference:nessus,10477; classtype:attempted-recon; sid:2101111; rev:13; metadata:created_at 2010_09_23, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)