
Rule History

SID: 2049008 • Source: et/open

Versions (3)

Version Details: Current

Rev: 2 • Nov 1, 2023, 12:00 PM

ET INFO Apache ActiveMQ Instance - Vulnerable to CVE-2023-46604 - Remote Instance

alert tcp any any -> $HOME_NET any (msg:"ET INFO Apache ActiveMQ Instance - Vulnerable to CVE-2023-46604 - Remote Instance"; flow:established,to_client; content:"|01|ActiveMQ"; offset:4; depth:9; fast_pattern; content:"ProviderVersion"; content:"5."; distance:3; within:2; pcre:"/^(?:1(?:(?:4.[012345]|[02].[012]|3.[01234]|1.[0123])|5.(?:[023456789]|1[012345])|6.[0123456]|7.[012345]|8.[012]|.0)|[02678].0|4.[0123]|3.[012]|5.[01]|9.[01])/R"; reference:url,activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt; reference:cve,2023-46604; classtype:misc-activity; sid:2049008; rev:2; metadata:attack_target Server, created_at 2023_11_01, cve CVE_2023_46604, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Informational, tag CISA_KEV, updated_at 2023_11_03, reviewed_at 2023_11_03; target:src_ip;)

Nov 1, 2023, 12:00 PM

Nov 3, 2023, 12:00 PM

Sep 21, 2024, 3:00 AM

May 30, 2025, 12:04 AM

rules/emerging-info.rules