""ET EXPLOIT Possible CVE-2016-0777 Server Advertises Suspicious Roaming Support""

SID: 2022369

Revision: 1

Class Type: attempted-user

Metadata: created_at 2016_01_15, cve CVE_2016_0777, updated_at 2016_01_15

Reference:

• Link

Protocol: tcp

Source Network: any

Source Port: $SSH_PORTS

Destination Network: any

Destination Port: any

Flow: established,to_client

Contents:

• Value: "|14|"

Offset: 6

• Value: "resume@appgate.com"

• Value: !"AppGateSSH_5.2"

Within:

PCRE:

Special Options:

source