"ET EXPLOIT Possible Exim 4.87-4.91 RCE Attempt Inbound (CVE-2019-10149)"
SID: 2027442
Revision: 4
Class Type: attempted-admin
Metadata: attack_target SMTP_Server, created_at 2019_06_07, cve CVE_2019_10149, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2019_06_21
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $SMTP_SERVERS
Destination Port: [25,587]
Flow: established,to_server
Contents:
- Value: "RCPT|20|TO"
- Value: "|24 7b|run|7b|"
- Value: "|7d 7d 40|"
  Within: 12
PCRE:
Special Options:
- fast_pattern