"ET EXPLOIT Possible EXIM RCE Inbound (CVE-2019-15846)"
SID: 2027959
Revision: 3
Class Type: attempted-admin
Metadata: created_at 2019_09_06, cve CVE_2019_15846, performance_impact Significant, updated_at 2019_09_10
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $SMTP_SERVERS
Destination Port: [25,465,587]
Flow: established,to_server
Contents:
-
Value: "|16|"
Depth: 1
-
Value: "|01|"
-
Value: "|5c 00|"
Within: 1
PCRE: "/[\x20-\x7e]{5,}\x5c\x00[\x20-\x7e]{5,}/"
Special Options:
- fast_pattern