Et rule 2051765 - Magic-SigExplorer

""ET WEB_SPECIFIC_APPS Fortigate FortiOS Invalid HTTP Chunk Length (CVE-2024-21762) Vulnerability Scan Attempt""

SID: 2051765

Revision: 1

Class Type: trojan-activity

Metadata: affected_product Fortigate, attack_target Networking_Equipment, tls_state TLSDecrypt, created_at 2024_03_22, cve CVE_2024_21762, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_03_22

Reference:

cve
2024-21762

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

Value: "|0d 0a 0d 0a|0000000000000000FF|0d 0a 0d 0a|"
Value: "POST"
Value: "/remote/"
Value: "Transfer-Encoding|3a 20|chunked"

Within:

PCRE:

Special Options:

http_method
http_uri
http_header

source