""ET SCAN Tomcat Auth Brute Force attempt (manager)""

SID: 2008455

Revision: 7

Class Type: web-application-attack

Metadata: created_at 2010_07_30, updated_at 2012_01_18

Reference:

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HTTP_SERVERS

Destination Port: 8080

Flow: to_server,established

Contents:

• Value: "Authorization|3a| Basic bWFuYWdlcjp"

Within:

PCRE:

Special Options:

• http_header

source