""ET WEB_SERVER Apache APR apr_fnmatch Stack Overflow Denial of Service""
SID: 2012926
Revision: 3
Class Type: attempted-dos
Metadata: created_at 2011_06_02, cve CVE_2011_0419, updated_at 2011_06_03
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: $HTTP_PORTS
Flow: to_server,established
Contents:
- Value: "|2F 3F|P|3D 2A 3F 2A 3F 2A 3F 2A 3F 2A 3F|"
Within:
PCRE: "/(\x2a\x3f){700}/U"
Special Options:
- http_uri