""ET ATTACK_RESPONSE Output of id command from HTTP server""

SID: 2019284

Revision: 1

Class Type: bad-unknown

Metadata: created_at 2014_09_26, updated_at 2014_09_26

Reference:

Protocol: tcp

Source Network: $HTTP_SERVERS

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: any

Flow: established

Contents:

• Value: "uid="

• Value: " gid="

• Value: " groups="

Within: 8

PCRE: "/^\d+[^\r\n\s]+/R"

Special Options:

source