""ET INFO Potential Common Malicious JavaScript Loop""

SID: 2015045

Revision: 3

Class Type: bad-unknown

Metadata: created_at 2012_07_07, performance_impact Significant, updated_at 2024_04_08

Reference:

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,to_client

Contents:

• Value: "for("

• Value: "|3B|"

• Value: ">=0|3B|"

• Value: "--)"

Within: 10

PCRE: "/for\x28[^\x3D\r\n]*[0-9]{1,6}\x2D[0-9]{1,5}\x3B[^\x3D\r\n]\x3E\x3D0\x3B[^\x29\r\n]\x2D\x2D\x29/"

Special Options:

• file_data

• fast_pattern

source