ATTACK [PTsecurity] Mismatch URI and Host header. Possible Squid cache poisoning

SID: 10000035Rev: 533 views
History
Sourceptrules/open
CreatedJuly 24, 2025
UpdatedJuly 24, 2025
Classificationattempted-admin
alert http any any -> any any (msg:"ATTACK [PTsecurity] Mismatch URI and Host header. Possible Squid cache poisoning"; content:"GET"; http_method; content:"://"; fast_pattern; distance:0; http_raw_uri; pcre:"/^\w+\s+\w+:\/\/\S+\s+.*?[\r\n].*?Host:[ \t]+[\w\.:]+\b/is"; pcre:! "/^\w+\s+\w+:\/\/([^\/\s:#]+)[\/\s:#]\S*.+?Host:[ \t]*\1\S*\b/is"; reference:url, bugs.squid-cache.org/show_bug.cgi?id=4501; reference:cve, 2016-4554; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10000035; rev:5;)

References

urlbugs.squid-cache.org/show_bug.cgi?id=4501
cve2016-4554
urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!