""ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M4""
SID: 2021575
Revision: 4
Class Type: attempted-dos
Metadata: created_at 2015_08_01, cve CVE_2015_5477, updated_at 2023_05_24
Reference:
-
cve
-
2015-5477
Protocol: udp
Source Network: any
Source Port: any
Destination Network: any
Destination Port: 53
Flow:
Contents:
-
Value: "|00 00 00 01|" Depth: 4 Offset: 2
-
Value: "|00 01|"
-
Value: "|00 f9|"
-
Value: !"|00 f9|"
Within: 2
PCRE: "/^..[^\x00]+\x00/Rs"
Special Options:
- fast_pattern