""ET EXPLOIT Possible Firefox PDF.js Same-Origin-Bypass CVE-2015-4495 M1""

SID: 2021601

Revision: 1

Class Type: attempted-user

Metadata: created_at 2015_08_10, cve CVE_2015_4495, updated_at 2015_08_10

Reference:

• cve

• 2015-4495

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,from_server

Contents:

• Value: "|76 69 65 77 2d 73 6f 75 72 63 65 3a|"

• Value: "|61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 6f 7a 2d 70 6c 61 79 70 72 65 76 69 65 77 2d 70 64 66 6a 73|"

• Value: "|73 61 6e 64 62 6f 78 43 6f 6e 74 65 78 74|"

• Value: "return "

Within:

PCRE: "/\We[\s\x22\x27,+]?v[\s\x22\x27,+]?a[\s\x22\x27,+]*?l\W/"

Special Options:

• file_data

• nocase

• nocase

• nocase

source