alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Oracle Coherence Deserialization RCE (CVE-2020-2555)"; flow:established,to_server; content:"|74 33 20 31 32 2e 32 2e 31 0a 41 53 3a 32 35 35|"; content:"javax.management.BadAttributeValueExpException"; nocase; fast_pattern; content:"weblogic.common.internal.PackageInfo"; reference:url,github.com/Y4er/CVE-2020-2555/blob/master/weblogic_t3.py; reference:url,www.zerodayinitiative.com/blog/2020/3/5/cve-2020-2555-rce-through-a-deserialization-bug-in-oracles-weblogic-server; reference:cve,2020-2555; classtype:attempted-admin; sid:2034780; rev:1; metadata:attack_target Server, created_at 2021_12_20, cve CVE_2020_2555, deployment Perimeter, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_12_20;)