# sid:2009076 rev:16 - disabled (leading '#') and renamed to "ET DELETED"; listed as history, not for deployment.
# Logic: server-to-client payload with "\r\nServer: nginx" inside the first 300 bytes, then "%PDF-" within 300 bytes after that match.
# An nginx banner plus a PDF magic string describes ordinary traffic; a hit is low-confidence context only (classtype bad-unknown).
# threshold type limit: at most 10 alerts per 60 s per source address, which for this direction is the responding server.
#alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED Nginx Serving PDF - Possible hostile content (PDF)"; flow:established,from_server; content:"|0d 0a|Server|3a| nginx"; depth:300; content:"%PDF-"; within:300; threshold:type limit, seconds 60, count 10, track by_src; reference:url,doc.emergingthreats.net/bin/view/Main/2009076; classtype:bad-unknown; sid:2009076; rev:16; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:02:13 UTC


# sid:2009076 rev:14 - disabled ('##') and labelled "ET DELETED".
# "Server: nginx" is matched in the http_header buffer; "%PDF-" is searched after file_data.
# NOTE(review): within:300 follows file_data while the previous content match sits in http_header; how that relative bound is applied is engine-dependent - confirm before reusing this form.
##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED Nginx Serving PDF - Possible hostile content (PDF)"; flow:established,from_server; content:"Server|3a| nginx"; http_header; file_data; content:"%PDF-"; within:300; threshold:type limit, seconds 60, count 10, track by_src; reference:url,doc.emergingthreats.net/bin/view/Main/2009076; classtype:bad-unknown; sid:2009076; rev:14;)

Added 2011-10-12 19:26:34 UTC


# sid:2009076 rev:14 - disabled ('##'), "ET DELETED". Matches "Server: nginx" in http_header and "%PDF-" after file_data.
# This page lists three rev:14 entries whose text differs (classtype/reference order, reference set), so sid+rev alone does not pin the rule body; compare full text when auditing a rule set.
##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED Nginx Serving PDF - Possible hostile content (PDF)"; flow:established,from_server; content:"Server|3a| nginx"; http_header; file_data; content:"%PDF-"; within:300; threshold:type limit, seconds 60, count 10, track by_src; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2009076; sid:2009076; rev:14;)

Added 2011-09-14 22:39:57 UTC


# sid:2009076 rev:14 - disabled ('##'), "ET DELETED"; this entry also carries the cvsweb CURRENT_Possible_Malicious_PDF reference.
# Detection options: "Server: nginx" in http_header, "%PDF-" after file_data, alerts limited to 10 per 60 s per source.
##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED Nginx Serving PDF - Possible hostile content (PDF)"; flow:established,from_server; content:"Server|3a| nginx"; http_header; file_data; content:"%PDF-"; within:300; threshold:type limit, seconds 60, count 10, track by_src; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2009076; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Possible_Malicious_PDF; sid:2009076; rev:14;)

Added 2011-04-20 16:13:11 UTC


# sid:2009076 rev:13 - enabled form under "ET CURRENT_EVENTS".
# Matches "Server: nginx" in http_header plus "%PDF-" after file_data. Nothing here examines the PDF's contents, so a hit says little more than "an nginx server returned PDF-like data" and needs corroboration.
# NOTE(review): within:300 directly after file_data is evaluated differently across engines - confirm on the target sensor.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Nginx Serving PDF - Possible hostile content (PDF)"; flow:established,from_server; content:"Server|3a| nginx"; http_header; file_data; content:"%PDF-"; within:300; threshold:type limit, seconds 60, count 10, track by_src; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2009076; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Possible_Malicious_PDF; sid:2009076; rev:13;)

Added 2011-04-12 14:06:59 UTC


# sid:2009076 rev:12 - "Server: nginx" in http_header, then "%PDF-" after file_data with nocase, so "%pdf-" also matches.
# threshold type limit: at most 10 alerts per 60 s per source address.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Nginx Serving PDF - Possible hostile content (PDF)"; flow:established,from_server; content:"Server|3a| nginx"; http_header; file_data; content:"%PDF-"; nocase; within:300; threshold:type limit, seconds 60, count 10, track by_src; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2009076; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Possible_Malicious_PDF; sid:2009076; rev:12;)

Added 2011-02-14 02:29:26 UTC


# sid:2009076 rev:10 - "Server: nginx" in http_header; the PDF marker is "PDF-" (no '%', nocase) with depth:300 and no file_data.
# NOTE(review): without file_data the 300-byte window presumably includes response headers, so header text containing "pdf-" could satisfy it; expect more false positives than the "%PDF-" forms.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Nginx Serving PDF - Possible hostile content (PDF)"; flow:established,from_server; content:"Server|3a| nginx"; http_header; content:"PDF-"; nocase; depth:300; threshold:type limit, seconds 60, count 10, track by_src; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2009076; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Possible_Malicious_PDF; sid:2009076; rev:10;)

Added 2011-02-04 17:28:20 UTC


# sid:2009076 rev:5 - raw payload match, no HTTP buffers: "\r\nServer: nginx" inside the first 300 bytes, then case-insensitive "PDF-" within 300 bytes after it.
# This entry appears twice on the page with the same timestamp and identical text.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Nginx Serving PDF - Possible hostile content (PDF)"; flow:established,from_server; content:"|0d 0a|Server|3a| nginx"; depth:300; content:"PDF-"; nocase; within:300; threshold:type limit, seconds 60, count 10, track by_src; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2009076; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Possible_Malicious_PDF; sid:2009076; rev:5;)

Added 2010-07-26 11:52:24 UTC


# sid:2009076 rev:5 - duplicate listing (same timestamp, identical text).
# Raw payload match: "\r\nServer: nginx" inside the first 300 bytes, then case-insensitive "PDF-" (no '%') within 300 bytes after it.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Nginx Serving PDF - Possible hostile content (PDF)"; flow:established,from_server; content:"|0d 0a|Server|3a| nginx"; depth:300; content:"PDF-"; nocase; within:300; threshold:type limit, seconds 60, count 10, track by_src; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2009076; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Possible_Malicious_PDF; sid:2009076; rev:5;)

Added 2010-07-26 11:52:24 UTC


# sid:2009076 rev:4 - header-only heuristic: "HTTP/1." at payload start, then Server: nginx, Content-Type: application/pdf, Content-Disposition: inline.
# Each distance/within is relative to the previous match, so the three headers must appear in this order; the response body is never inspected.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Nginx Serving PDF - Possible hostile content (PDF)"; flow:established,from_server; content:"HTTP/1."; depth:7; content:"|0d 0a|Server|3a| nginx"; nocase; distance:4; within:300; content:"Content-Type|3a| application/pdf"; nocase; within: 400; content:"Content-Disposition|3a| inline"; nocase; within: 400; threshold:type limit, seconds 60, count 10, track by_src; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2009076; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Possible_Malicious_PDF; sid:2009076; rev:4;)

Added 2010-03-08 13:53:45 UTC


# sid:2009076 rev:4 - duplicate listing (same timestamp, identical text).
# Header-only chain: "HTTP/1." at payload start, then Server: nginx, Content-Type: application/pdf, Content-Disposition: inline, each bounded relative to the previous match.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Nginx Serving PDF - Possible hostile content (PDF)"; flow:established,from_server; content:"HTTP/1."; depth:7; content:"|0d 0a|Server|3a| nginx"; nocase; distance:4; within:300; content:"Content-Type|3a| application/pdf"; nocase; within: 400; content:"Content-Disposition|3a| inline"; nocase; within: 400; threshold:type limit, seconds 60, count 10, track by_src; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2009076; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Possible_Malicious_PDF; sid:2009076; rev:4;)

Added 2010-03-08 13:53:45 UTC


# sid:2009076 rev:3 - header chain (HTTP/1., Server: nginx, Content-Type: application/pdf, Content-Disposition: inline) gated by flowbits:isset,ET.pdf.request.
# The rule that sets ET.pdf.request is not shown on this page; if that setter is absent or disabled on the sensor, this rule cannot fire.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Nginx Serving PDF - Possible hostile content (PDF)"; flowbits:isset,ET.pdf.request; flow:established,from_server; content:"HTTP/1."; depth:7; content:"|0d 0a|Server|3a| nginx"; nocase; distance:4; within:300; content:"Content-Type|3a| application/pdf"; nocase; within: 400; content:"Content-Disposition|3a| inline"; nocase; within: 400; threshold:type limit, seconds 60, count 10, track by_src; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2009076; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Possible_Malicious_PDF; sid:2009076; rev:3;)

Added 2010-01-08 10:23:54 UTC


# sid:2009076 rev:3 - duplicate listing (same timestamp, identical text).
# Requires the ET.pdf.request flowbit (its setter is not shown on this page) before the nginx / application/pdf / inline header chain is evaluated.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Nginx Serving PDF - Possible hostile content (PDF)"; flowbits:isset,ET.pdf.request; flow:established,from_server; content:"HTTP/1."; depth:7; content:"|0d 0a|Server|3a| nginx"; nocase; distance:4; within:300; content:"Content-Type|3a| application/pdf"; nocase; within: 400; content:"Content-Disposition|3a| inline"; nocase; within: 400; threshold:type limit, seconds 60, count 10, track by_src; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2009076; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Possible_Malicious_PDF; sid:2009076; rev:3;)

Added 2010-01-08 10:23:54 UTC


# sid:2009076 rev:2 - header-only chain with colons written as |3a|: "HTTP/1." at payload start, then Server: nginx, Content-Type: application/pdf, Content-Disposition: inline.
# The page lists rev:2 in two spellings (literal ':' and |3a|), so the rev number alone does not identify the exact text.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Nginx Serving PDF - Possible hostile content (PDF)"; flow:established,from_server; content:"HTTP/1."; depth:7; content:"|0d 0a|Server|3a| nginx"; nocase; distance:4; within:300; content:"Content-Type|3a| application/pdf"; nocase; within: 400; content:"Content-Disposition|3a| inline"; nocase; within: 400; threshold:type limit, seconds 60, count 10, track by_src; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2009076; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Possible_Malicious_PDF; sid:2009076; rev:2;)

Added 2009-02-06 21:34:39 UTC


# sid:2009076 rev:2 - duplicate listing (same timestamp, identical text) of the |3a| spelling.
# Header-only chain; the headers must appear in the order Server, Content-Type, Content-Disposition because each within is relative to the previous match.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Nginx Serving PDF - Possible hostile content (PDF)"; flow:established,from_server; content:"HTTP/1."; depth:7; content:"|0d 0a|Server|3a| nginx"; nocase; distance:4; within:300; content:"Content-Type|3a| application/pdf"; nocase; within: 400; content:"Content-Disposition|3a| inline"; nocase; within: 400; threshold:type limit, seconds 60, count 10, track by_src; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2009076; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Possible_Malicious_PDF; sid:2009076; rev:2;)

Added 2009-02-06 21:34:39 UTC


# sid:2009076 rev:2 - header-only chain with literal ':' inside the content strings.
# NOTE(review): whether an unescaped ':' is accepted inside content depends on the engine; the |3a| spelling used elsewhere on this page is the unambiguous form.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Nginx Serving PDF - Possible hostile content (PDF)"; flow:established,from_server; content:"HTTP/1."; depth:7; content:"|0d 0a|Server: nginx"; nocase; distance:4; within:300; content:"Content-Type: application/pdf"; nocase; within: 400; content:"Content-Disposition: inline"; nocase; within: 400; threshold:type limit, seconds 60, count 10, track by_src; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2009076; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Possible_Malicious_PDF; sid:2009076; rev:2;)

Added 2009-02-06 19:00:54 UTC


# sid:2009076 rev:2 - duplicate listing (same timestamp, identical text) of the literal-':' spelling.
# Header-only chain: "HTTP/1." at payload start, then Server: nginx, Content-Type: application/pdf, Content-Disposition: inline; the body is not inspected.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Nginx Serving PDF - Possible hostile content (PDF)"; flow:established,from_server; content:"HTTP/1."; depth:7; content:"|0d 0a|Server: nginx"; nocase; distance:4; within:300; content:"Content-Type: application/pdf"; nocase; within: 400; content:"Content-Disposition: inline"; nocase; within: 400; threshold:type limit, seconds 60, count 10, track by_src; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2009076; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Possible_Malicious_PDF; sid:2009076; rev:2;)

Added 2009-02-06 19:00:54 UTC


# sid:2009076 rev:1 - first listed revision: header-only chain with colons escaped as '\:' and no reference options.
# Alerts when an HTTP/1.x response carries Server: nginx, Content-Type: application/pdf and Content-Disposition: inline in that order; limited to 10 alerts per 60 s per source.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Nginx Serving PDF - Possible hostile content (PDF)"; flow:established,from_server; content:"HTTP/1."; depth:7; content:"|0d 0a|Server\: nginx"; nocase; distance:4; within:300; content:"Content-Type\: application/pdf"; nocase; within: 400; content:"Content-Disposition\: inline"; nocase; within: 400; threshold:type limit, seconds 60, count 10, track by_src; classtype:bad-unknown; sid:2009076; rev:1;)

Added 2009-02-04 10:00:23 UTC

