""GPL EXPLOIT Alternate Data streams ASP file access attempt""

SID: 2100975

Revision: 14

Class Type: web-application-attack

Metadata: created_at 2010_09_23, updated_at 2011_10_24

Reference:

• Link

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HTTP_SERVERS

Destination Port: $HTTP_PORTS

Flow: to_server,established

Contents:

• Value: ".asp|3A 3A 24|DATA"

Within:

PCRE:

Special Options:

• nocase

• http_uri

source