ET EXPLOIT [401TRG] GhostCat LFI Attempt Inbound (CVE-2020-1938)
Sourceet/open
Fileemerging-exploit.rules
CreatedFebruary 25, 2020
UpdatedMarch 14, 2024
Classificationattempted-admin
alert tcp any any -> $HOME_NET 8009 (msg:"ET EXPLOIT [401TRG] GhostCat LFI Attempt Inbound (CVE-2020-1938)"; flow:established,to_server ; flowbits:set,ET.GhostCat ; content:"|12 34|"; depth:2; content:"|00 08|HTTP/1.1|00|"; distance:0; content:"javax.servlet.include.path_info|00|"; nocase; distance:0; content:"javax.servlet.include.request_uri|00|"; content:"javax.servlet.include.servlet_path|00|"; reference:cve,2020-1938 ; reference:url,www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487 ; classtype:attempted-admin; sid:2029533; rev:4; metadata:affected_product Apache_Tomcat, attack_target Web_Server, created_at 2020_02_25, cve CVE_2020_1938, deployment Perimeter, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_14;)
References
Metadata
affected productApache_Tomcat
attack targetWeb_Server
created at2020_02_25
deploymentPerimeter
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_14
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!