alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Adobe ColdFusion Unauthenticated Remote Code Execution (CVE-2023-29300)"; flow:established,to_server; http.uri; content:"/CFIDE/adminapi/accessmanager.cfc|3f|"; fast_pattern; content:"_cfclient|3d|true"; distance:0; http.request_body; content:"argumentCollection|3d 3c|wddxPacket"; pcre:"/[^\x22\x27]com.sun.rowset.JdbcRowSetImpl[^\x22\x27]/"; content:"autoCommit"; http.method; content:"POST"; reference:url,projectdiscovery.io/blog/adobe-coldfusion-rce; reference:cve,2023-29300; classtype:web-application-attack; sid:2065687; rev:1; metadata:affected_product Adobe_Coldfusion, attack_target Server, tls_state TLSDecrypt, created_at 2025_11_06, cve CVE_2023_29300, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, updated_at 2025_11_06, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)