""ET WEB_SERVER Possible CVE-2014-6271 Attempt in Client Body 2""

SID: 2019234

Revision: 3

Class Type: attempted-admin

Metadata: created_at 2014_09_25, cve CVE_2014_6271, updated_at 2014_09_26

Reference:

• Link

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HTTP_SERVERS

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

• Value: "|25|28|25|29|25|20|25|7b|25|20"

Within:

PCRE: "/(:?(:?\x5e|%5e)|(:?[=?&]|\x25(:?3d|3f|26)))\s*?(:?%28|\x28)(:?%29|\x29)(:?%20|\x20)(:?%7b|\x7b)(:?%20|\x20)/Pi"

Special Options:

• http_client_body

source