Versions (5)
Version DetailsCurrent
Rev: 1 • Dec 20, 2021, 12:00 PMET EXPLOIT Oracle Coherence Deserialization RCE (CVE-2020-2555)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Oracle Coherence Deserialization RCE (CVE-2020-2555)"; flow:established,to_server; content:"|74 33 20 31 32 2e 32 2e 31 0a 41 53 3a 32 35 35|"; content:"javax.management.BadAttributeValueExpException"; nocase; fast_pattern; content:"weblogic.common.internal.PackageInfo"; reference:url,github.com/Y4er/CVE-2020-2555/blob/master/weblogic_t3.py; reference:url,www.zerodayinitiative.com/blog/2020/3/5/cve-2020-2555-rce-through-a-deserialization-bug-in-oracles-weblogic-server; reference:cve,2020-2555; classtype:attempted-admin; sid:2034780; rev:1; metadata:attack_target Server, created_at 2021_12_20, cve CVE_2020_2555, deployment Perimeter, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_12_20;)
Dec 20, 2021, 12:00 PM
Dec 20, 2021, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 8, 2025, 9:34 PM
rules/emerging-exploit.rules