# sid 2009216, rev 8, retired: the rule is commented out and its msg carries
# the "ET DELETED" label, so nothing is loaded from this line.
# As written it would match any established client-to-server request whose URI
# contains both ".jsp?" and "JSESSIONID=" (case-insensitive, no ordering or
# distance between them). No length condition is present, so it cannot separate
# the overflow named in msg (CVE-2008-5457 per the reference) from ordinary
# requests that carry a session id in the URI.
# NOTE(review): the "?" after "WebLogic" in msg looks like a wiki rendering
# artifact - confirm against the distributed rule file.
##alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET DELETED Oracle WebLogic? IIS connector JSESSIONID Remote Overflow Exploit"; flow:to_server,established; content:".jsp?"; nocase; http_uri; content:"JSESSIONID="; nocase; http_uri; reference:cve,2008-5457; reference:url,infosec20.blogspot.com/2009/04/oracle-weblogic-iis-remote-buffer.html; reference:url,doc.emergingthreats.net/2009216; classtype:attempted-admin; sid:2009216; rev:8;)

Added 2012-03-13 14:42:35 UTC


# sid 2009216, rev 8, shipped disabled (leading "#"), still labelled ET EXPLOIT.
# Match logic: established client-to-server traffic whose URI contains both
# ".jsp?" and "JSESSIONID=" (case-insensitive, independent of each other).
# There is no size test on the request or on the JSESSIONID value, so enabling
# this line as-is would alert on any JSP request with a session id in the URI.
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Oracle WebLogic? IIS connector JSESSIONID Remote Overflow Exploit"; flow:to_server,established; content:".jsp?"; nocase; http_uri; content:"JSESSIONID="; nocase; http_uri; reference:cve,2008-5457; reference:url,infosec20.blogspot.com/2009/04/oracle-weblogic-iis-remote-buffer.html; reference:url,doc.emergingthreats.net/2009216; classtype:attempted-admin; sid:2009216; rev:8;)

Added 2011-10-12 19:26:52 UTC


# sid 2009216, rev 8, disabled (leading "#"). Here classtype precedes the
# reference options; the detection options are the two http_uri content
# matches ".jsp?" and "JSESSIONID=" (case-insensitive) on established
# client-to-server traffic.
# No length condition is present, so the rule keys only on the two URI
# substrings and not on an oversized value.
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Oracle WebLogic? IIS connector JSESSIONID Remote Overflow Exploit"; flow:to_server,established; content:".jsp?"; nocase; http_uri; content:"JSESSIONID="; nocase; http_uri; classtype:attempted-admin; reference:cve,2008-5457; reference:url,infosec20.blogspot.com/2009/04/oracle-weblogic-iis-remote-buffer.html; reference:url,doc.emergingthreats.net/2009216; sid:2009216; rev:8;)

Added 2011-09-14 22:40:14 UTC


# sid 2009216, rev 8, disabled (leading "#"); this copy also carries the
# cvsweb reference URL.
# Uses content + http_uri for ".jsp?" and "JSESSIONID=" (case-insensitive) on
# established client-to-server traffic and has no isdataat or other length
# test, so a match means only that both substrings appear in the URI.
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Oracle WebLogic? IIS connector JSESSIONID Remote Overflow Exploit"; flow:to_server,established; content:".jsp?"; nocase; http_uri; content:"JSESSIONID="; nocase; http_uri; classtype:attempted-admin; reference:cve,2008-5457; reference:url,infosec20.blogspot.com/2009/04/oracle-weblogic-iis-remote-buffer.html; reference:url,doc.emergingthreats.net/2009216; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Oracle; sid:2009216; rev:8;)

Added 2011-02-04 17:28:30 UTC


# sid 2009216, rev 5, enabled. Alerts on established client-to-server traffic
# when the URI contains ".jsp?" and "JSESSIONID=" (uricontent, case-insensitive)
# and isdataat:5132 finds data at byte offset 5132 of the inspected payload.
# The offset is absolute (no "relative"), so it bounds the size of the whole
# payload rather than the JSESSIONID value; presumably it stands in for the
# overflow length - confirm against the advisory.
# classtype:attempted-admin is set in this revision.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Oracle WebLogic? IIS connector JSESSIONID Remote Overflow Exploit"; flow:to_server,established; uricontent:".jsp?"; nocase; uricontent:"JSESSIONID="; nocase; isdataat:5132; reference:cve,2008-5457; reference:url,infosec20.blogspot.com/2009/04/oracle-weblogic-iis-remote-buffer.html; reference:url,doc.emergingthreats.net/2009216; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Oracle; classtype:attempted-admin; sid:2009216; rev:5;)

Added 2009-04-20 17:00:32 UTC


# sid 2009216, rev 5, enabled (second listing of the same revision text).
# Conditions, all required: established client-to-server flow; URI contains
# ".jsp?" and "JSESSIONID=" (uricontent, case-insensitive); payload has data at
# absolute byte offset 5132 (isdataat without "relative").
# The size test applies to the payload as a whole, not to the session id.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Oracle WebLogic? IIS connector JSESSIONID Remote Overflow Exploit"; flow:to_server,established; uricontent:".jsp?"; nocase; uricontent:"JSESSIONID="; nocase; isdataat:5132; reference:cve,2008-5457; reference:url,infosec20.blogspot.com/2009/04/oracle-weblogic-iis-remote-buffer.html; reference:url,doc.emergingthreats.net/2009216; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Oracle; classtype:attempted-admin; sid:2009216; rev:5;)

Added 2009-04-20 17:00:32 UTC


# sid 2009216, rev 4, enabled. Same detection options as the later rev 5 text:
# uricontent ".jsp?" and "JSESSIONID=" (case-insensitive) plus isdataat:5132
# measured from the start of the payload.
# No classtype option is present in this revision.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Oracle WebLogic? IIS connector JSESSIONID Remote Overflow Exploit"; flow:to_server,established; uricontent:".jsp?"; nocase; uricontent:"JSESSIONID="; nocase; isdataat:5132; reference:cve,2008-5457; reference:url,infosec20.blogspot.com/2009/04/oracle-weblogic-iis-remote-buffer.html; reference:url,doc.emergingthreats.net/2009216; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Oracle; sid:2009216; rev:4;)

Added 2009-04-08 10:14:44 UTC


# sid 2009216, rev 4, enabled (second listing of the same revision text).
# Requires ".jsp?" and "JSESSIONID=" in the URI (case-insensitive) and data at
# absolute payload offset 5132; carries no classtype option.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Oracle WebLogic? IIS connector JSESSIONID Remote Overflow Exploit"; flow:to_server,established; uricontent:".jsp?"; nocase; uricontent:"JSESSIONID="; nocase; isdataat:5132; reference:cve,2008-5457; reference:url,infosec20.blogspot.com/2009/04/oracle-weblogic-iis-remote-buffer.html; reference:url,doc.emergingthreats.net/2009216; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Oracle; sid:2009216; rev:4;)

Added 2009-04-08 10:14:44 UTC


# sid 2009216, rev 3, enabled. First generic form of the rule: it keys on
# ".jsp?" and "JSESSIONID=" in the URI (uricontent, case-insensitive) instead of
# one fixed request, and adds the CVE-2008-5457 reference.
# isdataat:5132,relative asks for 5132 bytes of data after the previous match.
# NOTE(review): the previous matches are uricontent, so the anchor for
# "relative" is unclear here - confirm how the engine evaluates it.
# No classtype option is present in this revision.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Oracle WebLogic? IIS connector JSESSIONID Remote Overflow Exploit"; flow:to_server,established; uricontent:".jsp?"; nocase; uricontent:"JSESSIONID="; nocase; isdataat:5132,relative; reference:cve,2008-5457; reference:url,infosec20.blogspot.com/2009/04/oracle-weblogic-iis-remote-buffer.html; reference:url,doc.emergingthreats.net/2009216; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Oracle; sid:2009216; rev:3;)

Added 2009-04-07 17:02:59 UTC


# sid 2009216, rev 3, enabled (second listing of the same revision text).
# Matches ".jsp?" and "JSESSIONID=" in the URI (case-insensitive), then
# isdataat:5132,relative requires 5132 bytes after the previous match.
# NOTE(review): with uricontent as the preceding matches the anchor for
# "relative" is unclear - confirm before reusing this form.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Oracle WebLogic? IIS connector JSESSIONID Remote Overflow Exploit"; flow:to_server,established; uricontent:".jsp?"; nocase; uricontent:"JSESSIONID="; nocase; isdataat:5132,relative; reference:cve,2008-5457; reference:url,infosec20.blogspot.com/2009/04/oracle-weblogic-iis-remote-buffer.html; reference:url,doc.emergingthreats.net/2009216; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Oracle; sid:2009216; rev:3;)

Added 2009-04-07 17:02:59 UTC


# sid 2009216, rev 2, enabled. Narrow signature; all four matches are required:
#   - "POST" anywhere in the payload (no offset/depth bound),
#   - URI containing "/index.jsp?;JSESSIONID=" (|3b| is ";"),
#   - the exact header line "Content-Length: 81",
#   - the 14-byte literal |35 44 ... 4c|, ASCII "5D8EQKZLKPJEHL".
# These fixed values presumably come from one published request; a request with
# a different path, body length or payload bytes would not match.
# Classified web-application-attack; no CVE reference in this revision.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Oracle WebLogic? IIS connector JSESSIONID Remote Overflow Exploit"; flow:to_server,established; content:"POST"; nocase; uricontent:"/index.jsp?|3b|JSESSIONID="; nocase; content:"|0d 0a|Content-Length\: 81|0d 0a|"; nocase; content:"|35 44 38 45 51 4b 5a 4c 4b 50 4a 45 48 4c|"; reference:url,infosec20.blogspot.com; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2009216; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Oracle; sid:2009216; rev:2;)

Added 2009-04-06 19:30:24 UTC


# sid 2009216, rev 2, enabled (second listing of the same revision text).
# Requires "POST", the URI "/index.jsp?;JSESSIONID=", the header
# "Content-Length: 81" and the literal bytes "5D8EQKZLKPJEHL" together, so it
# covers one fixed request shape rather than the overflow condition in general.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Oracle WebLogic? IIS connector JSESSIONID Remote Overflow Exploit"; flow:to_server,established; content:"POST"; nocase; uricontent:"/index.jsp?|3b|JSESSIONID="; nocase; content:"|0d 0a|Content-Length\: 81|0d 0a|"; nocase; content:"|35 44 38 45 51 4b 5a 4c 4b 50 4a 45 48 4c|"; reference:url,infosec20.blogspot.com; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2009216; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Oracle; sid:2009216; rev:2;)

Added 2009-04-06 19:30:24 UTC


# sid 2009216, rev 1, enabled: the original signature. It requires "POST", the
# URI "/index.jsp?;JSESSIONID=" (|3b| is ";"), the header "Content-Length: 81"
# and the 14-byte literal that decodes to ASCII "5D8EQKZLKPJEHL".
# Every value is fixed, so coverage is limited to requests that reproduce them
# exactly; the only reference is the blog host and no CVE is cited yet.
# NOTE(review): the "?" after "WebLogic" in msg looks like a wiki rendering
# artifact - confirm against the distributed rule file.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Oracle WebLogic? IIS connector JSESSIONID Remote Overflow Exploit"; flow:to_server,established; content:"POST"; nocase; uricontent:"/index.jsp?|3b|JSESSIONID="; nocase; content:"|0d 0a|Content-Length\: 81|0d 0a|"; nocase; content:"|35 44 38 45 51 4b 5a 4c 4b 50 4a 45 48 4c|"; reference:url,infosec20.blogspot.com; classtype:web-application-attack; sid:2009216; rev:1;)

Added 2009-04-06 13:22:13 UTC

