""ET WEB_CLIENT Spectre Exploit Javascript""

SID: 2025188

Revision: 4

Class Type: attempted-user

Metadata: affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2018_01_09, cve CVE_2017_5753, deployment Perimeter, performance_impact Moderate, signature_severity Major, tag Web_Client_Attacks, updated_at 2018_02_06

Reference:

• Link

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: from_server,established

Contents:

• Value: "0x1000000"

Within:

PCRE: "/(?[^=\s])\s=\s0x1000000.+?\x28\s\x28\s\x28\s\w+\s<<\s12\s\x29\s|\s0\s\x29\s+\s(?P=var1)\s\x29\s|\s*0/s"

Special Options:

• file_data

source