"ET EXPLOIT Possible EXIM DoS (CVE-2019-16928)"
SID: 2028636
Revision: 3
Class Type: attempted-admin
Metadata: attack_target SMTP_Server, created_at 2019_09_30, cve CVE_2019_16928, deployment Perimeter, deployment Internal, signature_severity Critical, updated_at 2019_10_01
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $SMTP_SERVERS
Destination Port: [25,465,587]
Flow: established,to_server
Contents:
-
Value: "EHLO "
Depth: 5
-
Value: !"|0a|"
Within: 500
PCRE:
Special Options: