Versions (3)
Version DetailsCurrent
Rev: 1 • Sep 22, 2023, 12:00 PMET EXPLOIT Potential Adobe Experience Manager (AEM) Dispatcher Bypass Attempt
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT Potential Adobe Experience Manager (AEM) Dispatcher Bypass Attempt"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/bin/querybuilder.json"; startswith; fast_pattern; isdataat:2,relative; reference:url,isc.sans.edu/diary/Obfuscated+Scans+for+Older+Adobe+Experience+Manager+Vulnerabilities/30230/; reference:url,adapt.to/2019/presentations/adaptto2019-securing-aem-webapps-by-hacking-them-mikhail-egorov.pdf; classtype:attempted-admin; sid:2048213; rev:1; metadata:affected_product Adobe_Experience_Manager, attack_target Client_Endpoint, created_at 2023_09_22, deployment Perimeter, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_09_22, reviewed_at 2023_09_22;)
Sep 22, 2023, 12:00 PM
Sep 22, 2023, 12:00 PM
Sep 22, 2023, 10:00 PM
Aug 18, 2025, 8:35 PM
rules/emerging-exploit.rules