Versions (4)
Version DetailsCurrent
Rev: 3 • Oct 19, 2022, 12:00 PMET EXPLOIT Possible Apache Text4shell RCE Attempt JEXL Path (CVE-2022-42889) (Inbound)
alert http $EXTERNAL_NET any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Possible Apache Text4shell RCE Attempt JEXL Path (CVE-2022-42889) (Inbound)"; flow:established,to_server; http.uri; content:"|24 7b|java|3a|version|7d 20 24 7b|script|3a|JEXL|3a 27 27 2e|getClass|28 29 2e|forName|28 27|java|2e|lang|2e|Runtime|27 29 2e|getRuntime|28 29 2e|exec"; fast_pattern; content:"|7d|"; distance:0; reference:cve,2022-42889; reference:url,twitter.com/pwntester/status/1582321752566161409; classtype:attempted-admin; sid:2039470; rev:3; metadata:affected_product Apache_HTTP_server, attack_target Web_Server, created_at 2022_10_19, cve CVE_2022_42889, deployment Perimeter, deployment SSLDecrypt, confidence Low, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_12_15;)
Oct 19, 2022, 12:00 PM
Dec 15, 2022, 12:00 PM
Oct 19, 2022, 9:00 PM
Aug 28, 2025, 9:34 PM
rules/emerging-exploit.rules