alert tcp any any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Oracle WebLogic Deserialization (CVE-2018-2893)"; flow:established,to_server; content:"t3|20|12"; depth:5; fast_pattern; content:"AS|3a|255"; distance:0; content:"HL|3a|19"; distance:0; content:"MS|3a|10000000"; distance:0; content:"PU|3a|t3|3a|//"; distance:0; reference:cve,2018-2893; reference:url,github.com/pyn3rd/CVE-2018-2893; classtype:attempted-admin; sid:2025929; rev:3; metadata:affected_product Web_Server_Applications, attack_target Server, created_at 2018_08_01, cve CVE_2018_2893, deployment Datacenter, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_05_21;)