""ET EXPLOIT Possible Firefox PDF.js Same-Origin-Bypass CVE-2015-4495 M2""

SID: 2021606

Revision: 1

Class Type: attempted-user

Metadata: created_at 2015_08_11, cve CVE_2015_4495, updated_at 2015_08_11

Reference:

• cve

• 2015-4495

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,from_server

Contents:

• Value: "|77 69 6e 64 6f 77 73 5f 73 65 61 72 63 68 5f 61 6e 64 5f 75 70 6c 6f 61 64 5f 69 6e 5f 61 70 70 5f 64 61 74 61 5f 62 79 5f 64 69 73 6b|"

• Value: "|64 71 2e 61 77 61 69 74 41 6c 6c 28 63 61 6c 6c 62 61 63 6b 29|"

Within:

PCRE:

Special Options:

• file_data

• nocase

• nocase

source