ET SCAN Possible Scanning for Vulnerable JBoss
Sourceet/open
Fileemerging-scan.rules
CreatedDecember 9, 2015
UpdatedApril 12, 2024
Classificationweb-application-attack
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN Possible Scanning for Vulnerable JBoss"; flow:established,to_server ; http.method; content:"POST"; http.uri; content:"/invoker/"; startswith; content:"servlet/"; http.request_body; content:"org.jboss.invocation.MarshalledValue"; http.content_type; content:"application/x-java-serialized-object|3b|"; endswith; reference:url,blog.imperva.com/2015/12/zero-day-attack-strikes-again-java-zero-day-vulnerability-cve-2015-4852-tracked-by-imperva.html ; classtype:web-application-attack; sid:2022240; rev:4; metadata:created_at 2015_12_09, confidence Medium, signature_severity Minor, updated_at 2024_04_12;)
Metadata
created at2015_12_09
confidenceMedium
signature severityMinor
updated at2024_04_12
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!