""ET WEB_SERVER Possible CVE-2014-6271 Attempt in Client Body 3""

SID: 2019241

Revision: 4

Class Type: attempted-admin

Metadata: created_at 2014_09_25, cve CVE_2014_6271, updated_at 2014_10_01

Reference:

• Link

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HTTP_SERVERS

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

• Value: "()|25|20|25|7b"

Within:

PCRE: "/(:?(?:\x5e|%5e)|([=?&]|\x25(?:3d|3f|26)))\s*?()(?:%20|\x20)(?:%7b|\x7b)/Pi"

Special Options:

• http_client_body

source