""ET EXPLOIT F5 BIG-IP rsync cmi access attempt""

SID: 2019087

Revision: 4

Class Type: attempted-admin

Metadata: created_at 2014_08_29, updated_at 2014_09_01

Reference:

• Link

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: any

Destination Port: 873

Flow: to_server,established

Contents:

• Value: "cmi|0a|"

Within:

PCRE:

Special Options:

source