Rule History

SID: 2047954 • Source: et/open

Versions (5)

Version Details (Current)

Rev: 1 • Sep 7, 2023, 12:00 PM

ET WEB_SPECIFIC_APPS Apache RocketMQ 5.1.0 Arbitrary Code Injection in Broker Config (CVE-2023-33246)

alert http $EXTERNAL_NET any -> $HOME_NET [10909,10911] (msg:"ET WEB_SPECIFIC_APPS Apache RocketMQ 5.1.0 Arbitrary Code Injection in Broker Config (CVE-2023-33246)"; flow:established,to_client; content:"rocketmqHome|3d 2d|c|20 24 40 7c|sh|20 2e 20|echo|20|"; fast_pattern; content:"|3b|"; distance:0; reference:url,vulncheck.com/blog/rocketmq-exploit-payloads; reference:url,blogs.juniper.net/en-us/threat-research/cve-2023-33246-apache-rocketmq-remote-code-execution-vulnerability; reference:url,packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html; reference:url,attackerkb.com/topics/YBI7e7fY0a/cve-2023-33246; reference:cve,2023-33246; classtype:web-application-attack; sid:2047954; rev:1; metadata:affected_product Apache_RocketMQ, attack_target Client_Endpoint, created_at 2023_09_07, cve CVE_2023_33246, deployment Perimeter, confidence Low, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_09_07;)

Sep 7, 2023, 12:00 PM

Sep 7, 2023, 12:00 PM

Sep 21, 2024, 3:00 AM

Aug 18, 2025, 8:35 PM

rules/emerging-web_specific_apps.rules