Versions (4)
Version DetailsCurrent
Rev: 1 • Jun 2, 2020, 12:00 PMET EXPLOIT Possible Successful VMware Cloud Director RCE Attempt (CVE-2020-3956)
alert http $HTTP_SERVERS any -> $EXTERNAL_NET any (msg:"ET EXPLOIT Possible Successful VMware Cloud Director RCE Attempt (CVE-2020-3956)"; flow:established,from_server; http.stat_code; content:"400"; http.response_body; content:"<Error"; content:"has|20|invalid|20|length|20|for"; fast_pattern; flowbits:isset,ET.20203956; reference:url,citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/; classtype:attempted-admin; sid:2030241; rev:1; metadata:affected_product VMware, attack_target Server, created_at 2020_06_02, cve CVE_2020_3956, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_06_02;)
Jun 2, 2020, 12:00 PM
Jun 2, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 18, 2025, 8:36 PM
rules/emerging-exploit.rules