ET SCAN Possible Scanning for Vulnerable JBoss

SID: 2022240Rev: 31 viewsHistory

Sourceet/open

CreatedDecember 9, 2015

UpdatedJune 9, 2020

Classificationweb-application-attack

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN Possible Scanning for Vulnerable JBoss"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/invoker/"; depth:9; content:"servlet/"; http.request_body; content:"org.jboss.invocation.MarshalledValue"; http.content_type; content:"application/x-java-serialized-object|3b|"; endswith; reference:url,blog.imperva.com/2015/12/zero-day-attack-strikes-again-java-zero-day-vulnerability-cve-2015-4852-tracked-by-imperva.html; classtype:web-application-attack; sid:2022240; rev:3; metadata:created_at 2015_12_09, confidence Medium, signature_severity Minor, updated_at 2020_06_09;)

References

url	blog.imperva.com/2015/12/zero-day-attack-strikes-again-java-zero-day-vulnerability-cve-2015-4852-tracked-by-imperva.html

Metadata

created at2015_12_09

confidenceMedium

signature severityMinor

updated at2020_06_09

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!