ET EXPLOIT Apache log4j RCE Attempt (http) (Inbound) (CVE-2021-44228)

SID: 2045126Rev: 123 views
History
Sourceet/open
CreatedApril 21, 2023
UpdatedApril 21, 2023
Classificationattempted-admin
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Apache log4j RCE Attempt (http) (Inbound) (CVE-2021-44228)"; flow:established,to_server; http.uri; content:"|2f 24 7b 24 7b|"; startswith; fast_pattern; content:"|3a 2d|j|7d 24 7b|"; content:"|3a 2d|n|7d 24 7b|"; content:"|3a 2d|d|7d 24 7b|"; content:"|3a 2d|i|7d 24 7b|"; content:"|3a 2d 3a 7d 24 7b|"; reference:url,lunasec.io/docs/blog/log4j-zero-day; reference:cve,2021-44228; classtype:attempted-admin; sid:2045126; rev:1; metadata:attack_target Server, created_at 2023_04_21, cve CVE_2021_44228, deployment Perimeter, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_04_21;)

References

urllunasec.io/docs/blog/log4j-zero-day
cve2021-44228

Metadata

attack targetServer
created at2023_04_21
deploymentPerimeter
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2023_04_21

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!