ET WEB_SPECIFIC_APPS Apache RocketMQ 5.1.0 Arbitrary Code Injection in Broker Config (CVE-2023-33246)
Source: et/open
Created: September 7, 2023
Updated: September 7, 2023
Classification: web-application-attack
alert http $EXTERNAL_NET any -> $HOME_NET [10909,10911] (msg:"ET WEB_SPECIFIC_APPS Apache RocketMQ 5.1.0 Arbitrary Code Injection in Broker Config (CVE-2023-33246)"; flow:established,to_client; content:"rocketmqHome|3d 2d|c|20 24 40 7c|sh|20 2e 20|echo|20|"; fast_pattern; content:"|3b|"; distance:0; reference:url,vulncheck.com/blog/rocketmq-exploit-payloads; reference:url,blogs.juniper.net/en-us/threat-research/cve-2023-33246-apache-rocketmq-remote-code-execution-vulnerability; reference:url,packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html; reference:url,attackerkb.com/topics/YBI7e7fY0a/cve-2023-33246; reference:cve,2023-33246; classtype:web-application-attack; sid:2047954; rev:1; metadata:affected_product Apache_RocketMQ, attack_target Client_Endpoint, created_at 2023_09_07, cve CVE_2023_33246, deployment Perimeter, confidence Low, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_09_07;)
References
Metadata
affected product: Apache_RocketMQ
attack target: Client_Endpoint
created at: 2023_09_07
deployment: Perimeter
confidence: Low
signature severity: Major
tag: Description_Generated_By_Proofpoint_Nexus
updated at: 2023_09_07