""ET INFO Possible UPnP UUID Overflow Exploit Attempt from Internal Host - NOTIFY""

SID: 2034498

Revision: 1

Class Type: unknown

Metadata: created_at 2021_11_18, updated_at 2021_11_18

Reference:

Protocol: tcp

Source Network: [$HOME_NET,$HTTP_SERVERS]

Source Port: any

Destination Network: [$HOME_NET,$HTTP_SERVERS]

Destination Port: any

Flow: established,to_server

Contents:

• Value: "NOTIFY"

• Value: "UUID|3a 20|"

Within:

PCRE: "/UUID\x3a\x20[^\r\n]{100,}/H"

Special Options:

• http_method

• http_header

• fast_pattern

source