Rule History

alert tcp any any -> $HOME_NET any (msg:"ET INFO Serialized Java Object Calling Common Collection Function"; flow:to_server,established; content:"|ac ed 00 05 73 72 00|"; fast_pattern; content:"commons.collections"; nocase; distance:0; reference:url,github.com/foxglovesec/JavaUnserializeExploits; classtype:misc-activity; sid:2022115; rev:2; metadata:created_at 2015_11_17, former_category EXPLOIT, confidence High, signature_severity Informational, updated_at 2024_06_14;)