alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible JBoss JMX Console Beanshell Deployer WAR Upload and Deployment Exploit Attempt"; flow:established,to_server; content:"/HtmlAdaptor"; nocase; http_uri; content:"action=inspect"; nocase; http_uri; content:"bean"; nocase; http_uri; content:"name="; http_uri; reference:url,www.redteam-pentesting.de/en/publications/jboss/-bridging-the-gap-between-the-enterprise-and-you-or-whos-the-jboss-now; reference:cve,2010-0738; reference:url,doc.emergingthreats.net/2011696; classtype:web-application-attack; sid:2011696; rev:3;)

Added 2011-10-12 19:32:24 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible JBoss JMX Console Beanshell Deployer WAR Upload and Deployment Exploit Attempt"; flow:established,to_server; content:"/HtmlAdaptor"; nocase; http_uri; content:"action=inspect"; nocase; http_uri; content:"bean"; nocase; http_uri; content:"name="; http_uri; classtype:web-application-attack; reference:url,www.redteam-pentesting.de/en/publications/jboss/-bridging-the-gap-between-the-enterprise-and-you-or-whos-the-jboss-now; reference:cve,2010-0738; reference:url,doc.emergingthreats.net/2011696; sid:2011696; rev:3;)

Added 2011-09-14 22:45:14 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible JBoss JMX Console Beanshell Deployer WAR Upload and Deployment Exploit Attempt"; flow:established,to_server; content:"/HtmlAdaptor"; nocase; http_uri; content:"action=inspect"; nocase; http_uri; content:"bean"; nocase; http_uri; content:"name="; http_uri; classtype:web-application-attack; reference:url,www.redteam-pentesting.de/en/publications/jboss/-bridging-the-gap-between-the-enterprise-and-you-or-whos-the-jboss-now; reference:cve,2010-0738; reference:url,doc.emergingthreats.net/2011696; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Jboss; sid:2011696; rev:3;)

Added 2011-02-04 17:31:27 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible JBoss JMX Console Beanshell Deployer WAR Upload and Deployment Exploit Attempt"; flow:established,to_server; uricontent:"/HtmlAdaptor"; nocase; uricontent:"action=inspect"; nocase; uricontent:"bean"; nocase; uricontent:"name="; classtype:web-application-attack; reference:url,www.redteam-pentesting.de/en/publications/jboss/-bridging-the-gap-between-the-enterprise-and-you-or-whos-the-jboss-now; reference:cve,2010-0738; reference:url,doc.emergingthreats.net/2011696; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Jboss; sid:2011696; rev:2;)

Added 2010-06-28 22:47:00 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats