alert tcp any any -> $HOME_NET 20009 (msg:"ET EXPLOIT Adobe ColdFusion ODBC Agent Memory Corruption (CVE-2022-35690)"; flow:established,to_server; content:"GIOP"; startswith; content:"|00|"; distance:3; within:1; byte_test:4,=,0,4,relative; content:"IIOP|3a|slx|3a 3a|"; distance:0; fast_pattern; content:"SSP|00 00 00 00 00|"; distance:0; content:"|08|"; distance:0; byte_test:1,>,38,0,relative; reference:url,www.zerodayinitiative.com/blog/2023/1/18/cve-2022-35690-unauthenticated-rce-in-adobe-coldfusion; reference:url,www.sonicwall.com/blog/adobe-coldfusion-heap-buffer-overflow-vulnerability; reference:cve,2022-35690; classtype:attempted-admin; sid:2065686; rev:1; metadata:affected_product Adobe_Coldfusion, attack_target Server, created_at 2025_11_06, cve CVE_2022_35690, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_11_06, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)