Versions (4)
Version DetailsCurrent
Rev: 2 • Nov 2, 2023, 12:00 PMET INFO Remote Spring Application XML Configuration Containing ProcessBuilder Downloaded
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Remote Spring Application XML Configuration Containing ProcessBuilder Downloaded"; flow:established,to_client; http.response_body; content:"|3c|bean"; content:"|22|java|2e|lang|2e|ProcessBuilder|22|"; nocase; fast_pattern; distance:0; reference:url,attackerkb.com/topics/IHsgZDE3tS/cve-2023-46604; reference:url,activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt; reference:url,github.com/X1r0z/ActiveMQ-RCE; reference:cve,2023-46604; classtype:misc-activity; sid:2049046; rev:2; metadata:attack_target Server, created_at 2023_11_02, deployment Perimeter, performance_impact Low, confidence Low, signature_severity Informational, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_11_29, reviewed_at 2023_11_02; target:dest_ip;)
Nov 2, 2023, 12:00 PM
Nov 29, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
Aug 18, 2025, 8:35 PM
rules/emerging-info.rules