""ET WEB_SERVER OptionsBleed (CVE-2017-9798)""
SID: 2024760
Revision: 3
Class Type: misc-activity
Metadata: affected_product Apache_HTTP_server, attack_target Server, created_at 2017_09_19, deployment Datacenter, performance_impact Significant, signature_severity Minor, updated_at 2017_09_22
Reference:
-
cve
-
CVE-2017-9798
Protocol: tcp
Source Network: $HTTP_SERVERS
Source Port: $HTTP_PORTS
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: established,from_server
Contents:
- Value: "Allow|3a 20|"
Within:
PCRE: "/Allow: [^\n]+(?:[^ -~\x0d\x0a]|,\x20*,)/H"
Special Options:
- http_header