ET WEB_SPECIFIC_APPS Oracle WebLogic Server OS Command Injection Attempt Inbound (CVE-2017-3506)

SID: 2048259Rev: 247 views
History
Sourceet/open
CreatedSeptember 26, 2023
UpdatedAugust 6, 2025
Classificationattempted-admin
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Oracle WebLogic Server OS Command Injection Attempt Inbound (CVE-2017-3506)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/wls-wsat/coordinatorporttype"; nocase; bsize:29; fast_pattern; http.request_body; content:"<string>"; pcre:"/^(?:\x2fbin\x2f|\w+\.exe)/R"; reference:url,www.trendmicro.com/en_us/research/23/e/8220-gang-evolution-new-strategies-adapted.html; reference:url,nvd.nist.gov/vuln/detail/CVE-2017-3606; reference:cve,2017-3506; classtype:attempted-admin; sid:2048259; rev:2; metadata:attack_target Web_Server, created_at 2023_09_26, cve CVE_2017_3506, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, tag CISA_KEV, updated_at 2025_08_06, reviewed_at 2023_09_26; target:dest_ip;)

References

urlwww.trendmicro.com/en_us/research/23/e/8220-gang-evolution-new-strategies-adapted.html
urlnvd.nist.gov/vuln/detail/CVE-2017-3606
cve2017-3506

Metadata

attack targetWeb_Server
created at2023_09_26
deploymentPerimeter
performance impactLow
confidenceHigh
signature severityMajor
tagCISA_KEV
updated at2025_08_06
reviewed at2023_09_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!