Rule History

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET DELETED Oracle WebLogic IIS connector JSESSIONID Remote Overflow Exploit"; flow:to_server,established; content:".jsp?"; nocase; http_uri; content:"JSESSIONID="; nocase; isdataat:5132; reference:cve,2008-5457; reference:url,infosec20.blogspot.com/2009/04/oracle-weblogic-iis-remote-buffer.html; classtype:attempted-admin; sid:2009216; rev:7; metadata:created_at 2010_07_30, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)