alert http $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER JBOSS/JMX REMOTE WAR deployment attempt (GET)"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"/jmx-console/HtmlAdaptor?action=invokeOpByName&name=jboss.deployment"; uricontent:"DeploymentScanner"; nocase; uricontent:"methodName=addURL"; nocase; uricontent:"=http"; nocase; reference:url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/; reference:url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf; reference:url,doc.emergingthreats.net/2010380; classtype:web-application-attack; sid:2010380; rev:5; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:03:30 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER JBOSS/JMX REMOTE WAR deployment attempt (GET)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/jmx-console/HtmlAdaptor?action=invokeOpByName&name=jboss.deployment"; http_uri; content:"DeploymentScanner"; nocase; http_uri; content:"methodName=addURL"; nocase; http_uri; content:"=http"; nocase; http_uri; reference:url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/; reference:url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf; reference:url,doc.emergingthreats.net/2010380; classtype:web-application-attack; sid:2010380; rev:6;)

Added 2011-10-12 19:29:38 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER JBOSS/JMX REMOTE WAR deployment attempt (GET)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/jmx-console/HtmlAdaptor?action=invokeOpByName&name=jboss.deployment"; http_uri; content:"DeploymentScanner"; nocase; http_uri; content:"methodName=addURL"; nocase; http_uri; content:"=http"; nocase; http_uri; classtype:web-application-attack; reference:url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/; reference:url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf; reference:url,doc.emergingthreats.net/2010380; sid:2010380; rev:6;)

Added 2011-09-14 22:42:50 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER JBOSS/JMX REMOTE WAR deployment attempt (GET)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/jmx-console/HtmlAdaptor?action=invokeOpByName&name=jboss.deployment"; http_uri; content:"DeploymentScanner"; nocase; http_uri; content:"methodName=addURL"; nocase; http_uri; content:"=http"; nocase; http_uri; classtype:web-application-attack; reference:url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/; reference:url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf; reference:url,doc.emergingthreats.net/2010380; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Jboss; sid:2010380; rev:6;)

Added 2011-02-04 17:29:54 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER JBOSS/JMX REMOTE WAR deployment attempt (GET)"; flow:established,to_server; content:"GET"; depth:4; uricontent:"/jmx-console/HtmlAdaptor?action=invokeOpByName&name=jboss.deployment"; uricontent:"DeploymentScanner"; nocase; uricontent:"methodName=addURL"; nocase; uricontent:"=http"; nocase; classtype:web-application-attack; reference:url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/; reference:url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf; reference:url,doc.emergingthreats.net/2010380; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Jboss; sid:2010380; rev:4;)

Added 2010-07-29 17:38:56 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER JBOSS/JMX REMOTE WAR deployment attempt (GET)"; flow:established,to_server; content:"GET"; depth:4; uricontent:"/jmx-console/HtmlAdaptor?action=invokeOpByName&name=jboss.deployment"; uricontent:"DeploymentScanner"; nocase; uricontent:"methodName=addURL"; nocase; uricontent:"=http"; nocase; classtype:web-application-attack; reference:url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/; reference:url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf; reference:url,doc.emergingthreats.net/2010380; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Jboss; sid:2010380; rev:4;)

Added 2010-07-29 17:38:56 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB-APPS JBOSS/JMX REMOTE WAR deployment attempt (GET)"; flow:established,to_server; content:"GET"; depth:4; uricontent:"/jmx-console/HtmlAdaptor?action=invokeOpByName&name=jboss.deployment"; uricontent:"DeploymentScanner"; nocase; uricontent:"methodName=addURL"; nocase; uricontent:"=http"; nocase; classtype:web-application-attack; reference:url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/; reference:url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf; reference:url,doc.emergingthreats.net/2010380; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Jboss; sid:2010380; rev:2;)

Added 2009-12-01 15:31:31 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB-APPS JBOSS/JMX REMOTE WAR deployment attempt (GET)"; flow:established,to_server; content:"GET"; depth:4; uricontent:"/jmx-console/HtmlAdaptor?action=invokeOpByName&name=jboss.deployment"; uricontent:"DeploymentScanner"; nocase; uricontent:"methodName=addURL"; nocase; uricontent:"=http"; nocase; classtype:web-application-attack; reference:url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/; reference:url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf; reference:url,doc.emergingthreats.net/2010380; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Jboss; sid:2010380; rev:2;)

Added 2009-12-01 15:31:31 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB-APPS JBOSS/JMX REMOTE WAR deployment attempt (GET)"; flow:established,to_server; content:"GET"; depth:4; uricontent:"/jmx-console/HtmlAdaptor?action=invokeOpByName&name=jboss.deployment"; uricontent:"DeploymentScanner"; nocase; uricontent:"methodName=addURL"; nocase; uricontent:"=http"; nocase; classtype:web-application-attack; reference:url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/; reference:url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf; sid:2010380; rev:1;)

Added 2009-12-01 14:32:18 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB-APPS JBOSS/JMX REMOTE WAR deployment attempt (GET)"; flow:established,to_server; content:"GET"; depth:4; uricontent:"/jmx-console/HtmlAdaptor?action=invokeOpByName&name=jboss.deployment"; uricontent:"DeploymentScanner"; nocase; uricontent:"methodName=addURL"; nocase; uricontent:"=http"; nocase; classtype:web-application-attack; reference:url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/; reference:url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf; sid:2010380; rev:1;)

Added 2009-12-01 14:30:41 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats