""ET WEB_SERVER WGET Command Specifying Output in HTTP Headers""
SID: 2019309
Revision: 1
Class Type: attempted-admin
Metadata: created_at 2014_09_29, updated_at 2014_09_29
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $HTTP_SERVERS
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
- Value: "wget "
Within:
PCRE: "/(?!^User-Agent\x3a)\bwget\s[^\r\n]+(?:\x3b|&&)/Hm"
Special Options:
- http_header