Versions (4)
Version DetailsCurrent
Rev: 1 • Mar 19, 2025, 4:38 PMTGI HUNT Unsafe Java Runtime Method Inbound
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"TGI HUNT Unsafe Java Runtime Method Inbound"; flow:established,to_server; content:"getRuntime"; nocase; fast_pattern; content:"exec"; nocase; distance:0; pcre:"/\x2e\s*getRuntime\s*\x28\s*\x29\s*\.\s*exec\s*\x28/i"; reference:cve,2019-7238; reference:url,github.com/mpgn/CVE-2019-7238; classtype:attempted-admin; sid:2610692; rev:1;)
Mar 19, 2025, 4:38 PM
Mar 19, 2025, 4:38 PM
Jul 29, 2025, 5:35 PM
Jul 29, 2025, 5:35 PM
hunting.rules