""ET EXPLOIT Equation Group EGREGIOUSBLUNDER Fortigate Exploit Attempt""
SID: 2023075
Revision: 1
Class Type: attempted-admin
Metadata: affected_product Fortigate, attack_target Server, created_at 2016_08_17, deployment Datacenter, performance_impact Low, signature_severity Major, updated_at 2016_08_17
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_server
Contents:
-
Value: "POST /index HTTP/1.1|0d 0a|Host|3a 20|" Depth: 28
-
Value: !"User-Agent|3a|"
-
Value: !"Content-Type|3a|"
-
Value: !"Referer|3a|"
-
Value: !"Accept"
-
Value: "Content-length|3a 20|0|0d 0a|Cookie|3a 20|APSCOOKIE=Era=0&Payload="
Within: 51
PCRE: "/^[A-Za-z0-9+/]{0,4}?[^\x20-\x7e]/R"
Special Options: