ET INFO Remote Spring Application XML Configuration Containing ProcessBuilder Downloaded

SID: 2049046Rev: 215 viewsHistory

Sourceet/open

CreatedNovember 2, 2023

UpdatedNovember 29, 2023

Classificationmisc-activity

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Remote Spring Application XML Configuration Containing ProcessBuilder Downloaded"; flow:established,to_client; http.response_body; content:"|3c|bean"; content:"|22|java|2e|lang|2e|ProcessBuilder|22|"; nocase; fast_pattern; distance:0; reference:url,attackerkb.com/topics/IHsgZDE3tS/cve-2023-46604; reference:url,activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt; reference:url,github.com/X1r0z/ActiveMQ-RCE; reference:cve,2023-46604; classtype:misc-activity; sid:2049046; rev:2; metadata:attack_target Server, created_at 2023_11_02, deployment Perimeter, performance_impact Low, confidence Low, signature_severity Informational, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_11_29, reviewed_at 2023_11_02; target:dest_ip;)

References

url	attackerkb.com/topics/IHsgZDE3tS/cve-2023-46604
url	activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
url	github.com/X1r0z/ActiveMQ-RCE
cve	2023-46604

Metadata

attack targetServer

created at2023_11_02

deploymentPerimeter

performance impactLow

confidenceLow

signature severityInformational

tagDescription_Generated_By_Proofpoint_Nexus

updated at2023_11_29

reviewed at2023_11_02

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!