Rule History

SID: 2017734 • Source: et/open

Versions (3)

Version Details (Current)

Rev: 6 • Nov 20, 2013, 12:00 PM

ET WEB_SERVER WEBSHELL pwn.jsp shell

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER WEBSHELL pwn.jsp shell"; flow:established,to_server; http.uri; content:"/pwn.jsp?"; nocase; fast_pattern; content:"cmd="; nocase; reference:url,nickhumphreyit.blogspot.co.il/2013/10/jboss-42-hacked-by-pwnjsp.html; reference:url,blog.imperva.com/2013/11/threat-advisory-a-jboss-as-exploit-web-shell-code-injection.html; classtype:attempted-admin; sid:2017734; rev:6; metadata:created_at 2013_11_20, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_22;)

Nov 20, 2013, 12:00 PM

Sep 22, 2020, 12:00 PM

Sep 21, 2024, 3:00 AM

Oct 13, 2025, 9:34 PM

rules/emerging-web_server.rules