""ET WEB_SERVER Cisco IOS HTTP Server Exec Command Execution Attempt""

SID: 2010623

Revision: 5

Class Type: web-application-attack

Metadata: created_at 2010_07_30, updated_at 2015_09_16

Reference:

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: $HTTP_PORTS

Flow: to_server,established

Contents:

• Value: "/level/15/exec/-/"

Within:

PCRE: "/\x2Flevel\x2F15\x2Fexec\x2F\x2D\x2F[a-z]/Ui"

Special Options:

• nocase

• http_uri

source