alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"[APACHE] Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 19"; content:"|28|%29|20|%7b|20|"; program: apache|httpd; flowbits: set, exploit_attempt, 86400; parse_src_ip: 1; fwsam: src, 1 day; reference:url,blogs.akamai.com/2014/09/environment-bashing.html; classtype:attempted-admin; sid:5002198; rev:2;)
-- Main.Sagan-Wiki-Add - 2015-10-21
New revisions of 5002198 will be below...