Rule History

alert tcp any any -> $HOME_NET any (msg:"ET POLICY Serialized Java Object returned via LDAPv3 Response"; flow:established,to_client; content:"|30|"; depth:1; content:"|04 0d|javaClassName"; fast_pattern; content:"|04 12|javaSerializedData"; distance:0; content:"|ac ed|"; within:10; reference:url,ldap.com/ldapv3-wire-protocol-reference-ldap-result/; reference:url,ldap.com/ldapv3-wire-protocol-reference-search/; reference:cve,2021-44228; classtype:bad-unknown; sid:2034818; rev:2; metadata:attack_target Client_and_Server, created_at 2021_12_21, cve CVE_2021_44228, deployment Perimeter, deployment Internal, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_12_21;)