ET EXPLOIT Possible Apache Text4shell RCE Attempt Script Prefix (CVE-2022-42889) (Inbound)
Sourceet/open
CreatedOctober 19, 2022
UpdatedOctober 24, 2022
Classificationattempted-admin
alert http $EXTERNAL_NET any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Possible Apache Text4shell RCE Attempt Script Prefix (CVE-2022-42889) (Inbound)"; flow:established,to_server; http.uri; content:"|3d 24 7b|script|3a|javascript|3a|java|2e|lang|2e|Runtime|2e|getRuntime|28 29 2e|exec|28|"; fast_pattern; content:"|7d|"; distance:0; reference:cve,2022-42889; reference:url,sysdig.com/blog/cve-2022-42889-text4shell; classtype:attempted-admin; sid:2039464; rev:2; metadata:affected_product Apache_HTTP_server, attack_target Web_Server, created_at 2022_10_19, cve CVE_2022_42889, deployment Perimeter, deployment SSLDecrypt, confidence Low, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_10_24;)
References
Metadata
affected productApache_HTTP_server
attack targetWeb_Server
created at2022_10_19
deploymentSSLDecrypt
confidenceLow
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2022_10_24
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!