Last active
May 28, 2020 15:48
Revisions
Obsecurus revised this gist Jun 19, 2019. No changes.
Obsecurus created this gist Jun 19, 2019.
@@ -0,0 +1 @@ alert smtp any any -> $SMTP_SERVERS any (msg:"ET EXPLOIT Possible Exim 4.87-4.91 RCE Attempt Inbound (CVE-2019-10149)"; flow:established,to_server; content:"RCPT|20|TO"; content:"|24 7b|run|7b|"; distance:0; fast_pattern; content:"|7d 7d 40|"; distance:0; content:"RCPT|20|TO|3a|"; pcre:"/^\s*\x24\x7brun\x7b[^\r\n]+\x7d{2}\x40/R"; metadata: former_category EXPLOIT; reference:url,www.qualys.com/2019/06/05/cve-2019-10149/return-wizard-rce-exim.txt; classtype:attempted-admin; sid:2027442; rev:1; metadata:attack_target SMTP_Server, deployment Perimeter, cve 2019_10149, signature_severity Major, created_at 2019_06_07, performance_impact Low, updated_at 2019_06_07;)
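Review bot: The `pcre` anchor `^\s*\x24\x7brun\x7b` permits only whitespace between `RCPT TO:` and `${run{`, so a recipient written in the standard angle-bracket form (`RCPT TO:<...>`) passes the content matches but fails the regex, and the rule stays silent. Allowing an optional bracket, for example `^\s*<?\s*\x24\x7brun\x7b`, keeps the existing behaviour and covers that form. Both `content:"RCPT|20|TO"` and `content:"RCPT|20|TO|3a|"` are case-sensitive, while SMTP command verbs are case-insensitive, so each should carry `nocase;`. As a style point, the rule has two `metadata:` keywords (`former_category EXPLOIT` and the longer list at the end); merging them into one keeps the options easier to audit.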