""ET WEB_SERVER Access to /phppath/php Possible Plesk 0-day Exploit June 05 2013""
SID: 2016983
Revision: 1
Class Type: attempted-admin
Metadata: created_at 2013_06_06, updated_at 2013_06_06
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HTTP_SERVERS
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
- Value: "/phppath/php"
Within:
PCRE: "/\/phppath\/php\b/Ui"
Special Options:
- http_uri