ET EXPLOIT Possible Apache Text4shell RCE Attempt URL Prefix (CVE-2022-42889) (Outbound)

SID: 2039469Rev: 20 viewsHistory

Sourceet/open

CreatedOctober 19, 2022

UpdatedOctober 24, 2022

Classificationattempted-admin

alert http $HOME_NET any -> any any (msg:"ET EXPLOIT Possible Apache Text4shell RCE Attempt URL Prefix (CVE-2022-42889) (Outbound)"; flow:established,to_server; http.uri; content:"|3d 24 7b|url|3a|UTF|2d|8|3a|http|3a 2f|"; fast_pattern; content:"|7d|"; distance:0; reference:cve,2022-42889; reference:url,sysdig.com/blog/cve-2022-42889-text4shell; classtype:attempted-admin; sid:2039469; rev:2; metadata:affected_product Apache_HTTP_server, attack_target Client_Endpoint, created_at 2022_10_19, cve CVE_2022_42889, deployment Perimeter, deployment SSLDecrypt, confidence Low, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_10_24;)

References

cve	2022-42889
url	sysdig.com/blog/cve-2022-42889-text4shell

Metadata

affected productApache_HTTP_server

attack targetClient_Endpoint

created at2022_10_19

cveCVE-2022-42889

deploymentSSLDecrypt

confidenceLow

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2022_10_24

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!