#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Java Rhino Exploit Attempt - evilcode.class"; flow:established,to_client; content:"code=|22|evilcode.class|22|"; nocase; fast_pattern:only; reference:cve,2011-3544; classtype:attempted-user; sid:2014429; rev:5; metadata:created_at 2012_03_26, updated_at 2012_03_26;)
Added 2018-01-05 17:05:34 UTC
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Java Rhino Exploit Attempt - evilcode.class"; flow:established,to_client; content:"code=|22|evilcode.class|22|"; nocase; fast_pattern:only; reference:cve,2011-3544; classtype:attempted-user; sid:2014429; rev:5; metadata:created_at 2012_03_26, updated_at 2012_03_26;)
Added 2017-08-07 21:07:50 UTC
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Java Rhino Exploit Attempt - evilcode.class"; flow:established,to_client; content:"code=|22|evilcode.class|22|"; nocase; fast_pattern:only; reference:cve,2011-3544; classtype:attempted-user; sid:2014429; rev:5;)
Added 2012-03-27 00:27:14 UTC