Versions (2)
Version DetailsCurrent
Rev: 4 • Feb 26, 2014, 12:00 PMET WEB_SPECIFIC_APPS Symantec Endpoint Manager XXE RCE Attempt
alert http $EXTERNAL_NET any -> $HOME_NET [8443,9090] (msg:"ET WEB_SPECIFIC_APPS Symantec Endpoint Manager XXE RCE Attempt"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/servlet/ConsoleServlet?ActionType=ConsoleLog"; http.request_body; content:"Content-Type|3a| text/xml|0d 0a|"; nocase; content:"|3c 21|DOCTYPE"; nocase; content:"http|3a|//127.0.0.1|3a|9090/servlet/ConsoleServlet?ActionType=ConfigServer&action=test_av&SequenceNum="; nocase; content:"&Parameter="; nocase; reference:cve,2013-5014; reference:cve,2013-5015; reference:url,cxsecurity.com/issue/WLB-2014020199; classtype:web-application-attack; sid:2018176; rev:4; metadata:created_at 2014_02_26, cve CVE_2013_5014, signature_severity Major, updated_at 2020_04_28;)
Feb 26, 2014, 12:00 PM
Apr 28, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-web_specific_apps.rules