iSID Analyst Knowledge Base

Definitions and additional context on iSID alerts, along with helpful recommendations

Category: Server-Webapp

(33 Alerts)

SERVER-WEBAPP Squid authentication headers handling denial of service attempt

This alert is triggered when an adversary is attempting to exploit CVE-2005-2917, a denial of service vulnerability in the Squid proxy server related to how it handles authentication headers. Squid is a widely used proxy server that helps organizations improve web performance by caching web content, and it also provides filtering capabilities. The vulnerability is linked to how Squid handles "Proxy-Authorization" headers with "NTLM" authentication.

SERVER-WEBAPP Oracle GlassFish Server authentication bypass attempt

This alert is triggered when an adversary is attempting to exploit CVE-2011-0807 and gain access to the Oracle GlassFish Server without providing a "JSESSIONID". Oracle GlassFish Server is an open-source application server provided by Oracle for the Java EE platform. The rule specifically detects attempts to bypass authentication by targeting the "/applications/upload" URI and looking for specific patterns in the request.

SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt

This alert is triggered when an adversary is attempting to exploit CVE-2013-6810, a directory traversal vulnerability in the EMC Connectrix Manager, via its FileUploadController. EMC Connectrix Manager is a web application for managing Connectrix switches. A directory traversal vulnerability allows an attacker to access files on the server that are outside the intended directory. The specific point of interest here is the "FileUploadController", which the attacker is trying to exploit by sending specially crafted filenames in their request.