ATTACK [PTsecurity] Spring AMQP <1.7.4, 1.6.11, 1.5.7 Java Object Deserialization RCE (CVE--2017-8045)

SID: 10002274Rev: 10 views

Sourceptresearch/attackdetection

CreatedDecember 13, 2021

UpdatedDecember 13, 2021

Classificationattempted-admin

alert tcp $HOME_NET 5672 -> $HOME_NET any (msg:"ATTACK [PTsecurity] Spring AMQP <1.7.4, 1.6.11, 1.5.7 Java Object Deserialization RCE (CVE--2017-8045)"; flow:established, no_stream; content:"application/x-java-serialized-object"; nocase; content:"|03|"; distance:1; within:1; content:"java."; distance:0; pcre:"/application/x-java-serialized-object.{0,110}(?:org\.(?:apache\.|springframework\.|jboss\.|hibernate\.)|java(?:x\.management\.|\.rmi\.)|com\.sun\.|sun\.reflect\.)/"; reference:cve, 2017-8045; reference:url, pivotal.io/security/cve-2017-8045; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10002274; rev:1;)

References

cve	2017-8045
url	pivotal.io/security/cve-2017-8045
url	github.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!