""GPL POP3 POP3 PASS overflow attempt""

SID: 2101634

Revision: 15

Class Type: attempted-admin

Metadata: created_at 2010_09_23, cve CVE_1999_1511, updated_at 2011_06_08

Reference:

• nessus

• 10325

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: 110

Flow: to_server,established

Contents:

• Value: "PASS"

Within:

PCRE: "/^PASS\s[^\n]{50}/smi"

Special Options:

• nocase

source