# Policy check: fires on an outbound HTTP request (flow:established,to_server)
# whose User-Agent contains "Java/1.6.0_" unless the next three bytes are "161".
# The negated content is an allowlist of exactly one update number, so every
# other 1.6.0 update alerts, including any release newer than 161; the literal
# has to be bumped with each Java 6 update, as the history on this page shows.
# The User-Agent is self-reported by the client: treat a hit as an inventory
# lead to confirm on the host, and do not read silence as proof of a patched JRE.
# threshold type limit: at most 2 alerts per source address per 300 s, so hosts
# behind a shared NAT or proxy address are under-counted.
# flowbits:set marks the flow with ET.http.javaclient.vulnerable; presumably
# other rules test it with flowbits:isset (none are shown here).
# NOTE(review): metadata updated_at 2016_10_19 predates the 2017 timestamps this
# page gives for revs 46-48, so it does not date this revision.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:"Java/1.6.0_"; http_user_agent; content:!"161"; within:3; http_user_agent; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; reference:url,www.oracle.com/technetwork/java/javase/2col/6u85-bugfixes-2298235.html; classtype:bad-unknown; sid:2011582; rev:48; metadata:created_at 2010_09_27, updated_at 2016_10_19;)

Added 2017-08-07 21:04:43 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:"Java/1.6.0_"; http_user_agent; content:!"161"; within:3; http_user_agent; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; reference:url,www.oracle.com/technetwork/java/javase/2col/6u85-bugfixes-2298235.html; classtype:bad-unknown; sid:2011582; rev:48;)

Added 2017-08-01 16:32:19 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:"Java/1.6.0_"; http_user_agent; content:!"151"; within:3; http_user_agent; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; reference:url,www.oracle.com/technetwork/java/javase/2col/6u85-bugfixes-2298235.html; classtype:bad-unknown; sid:2011582; rev:47;)

Added 2017-04-21 17:28:23 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:"Java/1.6.0_"; http_user_agent; content:!"141"; within:3; http_user_agent; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; reference:url,www.oracle.com/technetwork/java/javase/2col/6u85-bugfixes-2298235.html; classtype:bad-unknown; sid:2011582; rev:46;)

Added 2017-01-18 19:20:53 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:"Java/1.6.0_"; http_user_agent; content:!"121"; within:3; http_user_agent; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; reference:url,www.oracle.com/technetwork/java/javase/2col/6u85-bugfixes-2298235.html; classtype:bad-unknown; sid:2011582; rev:44;)

Added 2016-07-20 17:25:17 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:"Java/1.6.0_"; http_user_agent; content:!"121"; within:3; http_user_agent; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; reference:url,www.oracle.com/technetwork/java/javase/2col/6u85-bugfixes-2298235.html; classtype:bad-unknown; sid:2011582; rev:44;)

Added 2016-07-20 17:24:09 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:"Java/1.6.0_"; http_user_agent; content:!"113"; within:3; http_user_agent; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; reference:url,www.oracle.com/technetwork/java/javase/2col/6u85-bugfixes-2298235.html; classtype:bad-unknown; sid:2011582; rev:43;)

Added 2016-02-05 19:15:53 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:"Java/1.6.0_"; http_user_agent; content:!"111"; within:3; http_user_agent; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; reference:url,www.oracle.com/technetwork/java/javase/2col/6u85-bugfixes-2298235.html; classtype:bad-unknown; sid:2011582; rev:42;)

Added 2016-01-20 16:54:27 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:"Java/1.6.0_"; http_user_agent; content:!"105"; within:3; http_user_agent; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; reference:url,www.oracle.com/technetwork/java/javase/2col/6u85-bugfixes-2298235.html; classtype:bad-unknown; sid:2011582; rev:41;)

Added 2015-10-20 18:40:03 UTC


# First revision on this page whose exempt update has three digits: the negated
# content becomes "101" and the relative window grows from within:2 to within:3.
# The check compares only the bytes right after "Java/1.6.0_" and is not anchored
# at the end of the version token, so it is a prefix test on the update number.
# Any update that does not start with "101" should set the flowbit and alert
# (subject to the threshold), including two-digit updates such as the "95"
# exempted by rev 38.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:"Java/1.6.0_"; http_user_agent; content:!"101"; within:3; http_user_agent; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; reference:url,www.oracle.com/technetwork/java/javase/2col/6u85-bugfixes-2298235.html; classtype:bad-unknown; sid:2011582; rev:40;)

Added 2015-07-14 19:47:22 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:"Java/1.6.0_"; http_user_agent; content:!"95"; within:2; http_user_agent; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; reference:url,www.oracle.com/technetwork/java/javase/2col/6u85-bugfixes-2298235.html; classtype:bad-unknown; sid:2011582; rev:38;)

Added 2015-04-14 19:55:56 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:"Java/1.6.0_"; http_user_agent; content:!"91"; within:2; http_user_agent; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; reference:url,www.oracle.com/technetwork/java/javase/2col/6u85-bugfixes-2298235.html; classtype:bad-unknown; sid:2011582; rev:37;)

Added 2015-03-23 19:11:56 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:"Java/1.6.0_"; http_user_agent; content:!"85"; within:2; http_user_agent; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; reference:url,www.oracle.com/technetwork/java/javase/2col/6u85-bugfixes-2298235.html; classtype:bad-unknown; sid:2011582; rev:36;)

Added 2014-10-14 20:43:33 UTC


# First revision here written as "alert http ... any" with http_user_agent, in
# place of "alert tcp ... $HTTP_PORTS" with http_header. Detection now follows
# the HTTP protocol on any destination port and inspects only the User-Agent
# buffer, where the older form could match " Java/1.6.0_" in any request header
# on the configured HTTP ports. The content also drops the leading space.
# NOTE(review): the http rule-header protocol and http_user_agent are Suricata
# syntax; confirm engine support before loading this form elsewhere.
# Logic is otherwise unchanged: alert unless the two bytes after the prefix
# are "81".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:"Java/1.6.0_"; http_user_agent; content:!"81"; within:2; http_user_agent; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011582; rev:35;)

Added 2014-07-15 17:03:57 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; http_header; content:!"75"; within:2; http_header; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011582; rev:32;)

Added 2014-04-15 19:16:43 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; http_header; content:!"71"; within:2; http_header; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011582; rev:31;)

Added 2014-01-14 17:03:52 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; http_header; content:!"65"; within:2; http_header; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011582; rev:30;)

Added 2013-10-15 17:32:49 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; http_header; content:!"51"; within:2; http_header; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011582; rev:29;)

Added 2013-08-19 22:51:09 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; http_header; content:!"45"; within:2; http_header; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011582; rev:28;)

Added 2013-04-16 20:09:51 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; http_header; content:!"43"; within:2; http_header; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011582; rev:27;)

Added 2013-03-04 21:43:02 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; http_header; content:!"41"; within:2; http_header; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011582; rev:26;)

Added 2013-02-25 18:01:37 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; http_header; content:!"41"; within:2; http_header; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011582; rev:26;)

Added 2013-02-21 13:23:48 UTC

Why is this rule not yet in the active ruleset?

-- GuH - 25 Feb 2013


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; http_header; content:!"39"; within:2; http_header; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011582; rev:25;)

Added 2013-02-05 07:48:48 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; http_header; content:!"39"; within:2; http_header; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011582; rev:25;)

Added 2013-02-04 12:45:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; http_header; content:!"39"; within:2; http_header; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011582; rev:25;)

Added 2013-02-04 12:49:41 UTC

# Exempts two update numbers: both negated contents carry within:2, and the rule
# alerts only when neither "37" nor "38" follows " Java/1.6.0_" in the HTTP
# headers.
# NOTE(review): this reading assumes a negated content does not advance the
# position that the second within:2 is measured from; verify on the engine in use.
# Matching is in http_header, so the string is not tied to the User-Agent line.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; http_header; content:!"37"; within:2; http_header; content:!"38"; within:2; http_header; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011582; rev:24;)

Added 2013-01-04 01:49:41 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; http_header; content:!"37"; within:2; http_header; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011582; rev:23;)

Added 2012-10-17 00:37:38 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; http_header; content:!"33"; within:2; http_header; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011582; rev:21;)

Added 2012-06-12 16:38:41 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; http_header; content:!"31"; within:2; http_header; content:!"32"; within:2; http_header; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011582; rev:20;)

Added 2012-06-05 23:03:08 UTC


# Replaces the pcre version range of rev 15 and the earlier revisions shown here
# with a negated content: alert on " Java/1.6.0_" in the HTTP headers unless the
# next two bytes are "31".
# This inverts the model from "listed old updates are bad" to "only the named
# update is good", so an update newer than 31 alerts until the rule is revised.
# Compared with rev 15 as shown on this page it also drops fast_pattern:only and
# flowbits:unset,ET.http.javaclient, and adds the javatester.org reference.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; http_header; content:!"31"; within:2; http_header; flowbits:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011582; rev:19;)

Added 2012-04-03 19:48:36 UTC


# Restores a version test after rev 14: content " Java/1.6." selects candidates
# in the HTTP headers, then the pcre decides which updates count as vulnerable.
# The class [0-2] matches a single digit, so any update whose first digit is
# 0, 1 or 2 matches, and "30" is listed explicitly; two-digit updates from 31
# upward do not match.
# NOTE(review): a three-digit update beginning with 0-2 would also match.
# NOTE(review): the dots in "1.6.0" are unescaped (match any character), the
# expression is unanchored, and the pcre carries no HTTP buffer modifier, so it
# is presumably evaluated against the raw payload rather than http_header.
# On a match the rule sets ET.http.javaclient.vulnerable and unsets
# ET.http.javaclient on the flow.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6."; fast_pattern:only; http_header; pcre:"/Java\/1.6.0_([0-2]|30)/"; flowbits:set,ET.http.javaclient.vulnerable; flowbits:unset,ET.http.javaclient; threshold: type limit, count 2, seconds 300, track by_src; classtype:bad-unknown; sid:2011582; rev:15;)

Added 2012-03-14 18:18:30 UTC


# No version test in this revision: the only payload condition is the string
# " Java/1.6." in the HTTP headers, so any Java 1.6 request from $HOME_NET to
# $EXTERNAL_NET on $HTTP_PORTS sets ET.http.javaclient.vulnerable and alerts
# (limited to 2 alerts per source per 300 s), whatever the update number.
# The comments below this entry raise this as over-broad; rev 15 puts a pcre back.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6."; fast_pattern:only; http_header; flowbits:set,ET.http.javaclient.vulnerable; flowbits:unset,ET.http.javaclient; threshold: type limit, count 2, seconds 300, track by_src; classtype:bad-unknown; sid:2011582; rev:14;)

Added 2012-03-01 14:34:52 UTC

Rev 14 marks all Java 6 versions as vulnerable, which is not right for all (or most?) organizations. Please put the pcre back. I had to fix it up to: pcre:"/Java\/1.6.0_([0-1]|2[0-9]|30)/"

-- KimCary - 14 Mar 2012

Thanks Kim, you're right. I'm adding back and calling 1.6.0_30 and below bad, 31 and up good.

Matt

-- MattJonkman - 14 Mar 2012


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; fast_pattern:only; http_header; pcre:"/Java\/1.6.0_([0-1]|2[0-9])/"; flowbits:set,ET.http.javaclient.vulnerable; flowbits:unset,ET.http.javaclient; threshold: type limit, count 2, seconds 300, track by_src; classtype:bad-unknown; sid:2011582; rev:11;)

Added 2012-02-14 13:47:27 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; fast_pattern:only; http_header; pcre:"/Java\/1.6.0_([0-1]|2[0-7])/"; flowbits:set,ET.http.javaclient.vulnerable; flowbits:unset,ET.http.javaclient; threshold: type limit, count 2, seconds 300, track by_src; classtype:bad-unknown; sid:2011582; rev:10;)

Added 2011-10-24 14:48:53 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; fast_pattern:only; http_header; pcre:"/Java\/1.6.0_([0-1]|2[0-6])/"; flowbits:set,ET.http.javaclient.vulnerable; flowbits:unset,ET.http.javaclient; threshold: type limit, count 2, seconds 300, track by_src; classtype:bad-unknown; sid:2011582; rev:9;)

Added 2011-10-12 19:32:20 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; fast_pattern:only; http_header; pcre:"/Java\/1.6.0_([0-1]|2[0-6])/"; flowbits:set,ET.http.javaclient.vulnerable; flowbits:unset,ET.http.javaclient; threshold: type limit, count 2, seconds 300, track by_src; classtype:bad-unknown; sid:2011582; rev:9;)

Added 2011-09-20 19:24:27 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; fast_pattern:only; http_header; pcre:"/Java\/1.6.0_([0-1]|2[0-5])/"; flowbits:set,ET.http.javaclient.vulnerable; flowbits:unset,ET.http.javaclient; threshold: type limit, count 2, seconds 300, track by_src; classtype:bad-unknown; sid:2011582; rev:8;)

Added 2011-06-17 13:31:09 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; fast_pattern:only; http_header; pcre:"/Java\/1.6.0_([0-1][0-9]|2[0-3])/"; flowbits:set,ET.http.javaclient.vulnerable; flowbits:unset,ET.http.javaclient; threshold: type limit, count 2, seconds 300, track by_src; classtype:bad-unknown; sid:2011582; rev:7;)

Added 2011-06-16 10:06:01 UTC


# Rev 7 adds flow state to the rev 6 logic: on a match it sets
# ET.http.javaclient.vulnerable and unsets ET.http.javaclient on the flow.
# Presumably other rules read these bits; none are shown on this page.
# The pcre flags updates 00-19 and 20-23 via ([0-1][0-9]|2[0-3]); it is
# unanchored and leaves the dots in "1.6.0" unescaped.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; fast_pattern:only; http_header; pcre:"/Java\/1.6.0_([0-1][0-9]|2[0-3])/"; flowbits:set,ET.http.javaclient.vulnerable; flowbits:unset,ET.http.javaclient; threshold: type limit, count 2, seconds 300, track by_src; classtype:bad-unknown; sid:2011582; rev:7;)

Added 2011-06-16 09:59:05 UTC


# Rev 6 adds alert rate limiting to the rev 5 match: threshold type limit,
# count 2, seconds 300, track by_src logs at most two alerts per source address
# in each 300-second window.
# Tracking is by source address, so several clients behind one NAT or proxy
# address share a single allowance and some of them may never appear in alerts.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; fast_pattern:only; http_header; pcre:"/Java\/1.6.0_([0-1][0-9]|2[0-3])/"; threshold: type limit, count 2, seconds 300, track by_src; classtype:bad-unknown; sid:2011582; rev:6;)

Added 2011-06-06 18:57:27 UTC


# Compared with rev 3 as shown on this page, rev 5 drops the "User-Agent|3a|"
# prefix and nocase from the content, leaving " Java/1.6.0_" anywhere in the
# HTTP headers, and widens the pcre from updates 00-19 to 00-19 plus 20-23.
# Without the User-Agent prefix the content is no longer tied to that header.
# There is still no threshold, so each matching request can alert.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:" Java/1.6.0_"; fast_pattern:only; http_header; pcre:"/Java\/1.6.0_([0-1][0-9]|2[0-3])/"; classtype:bad-unknown; sid:2011582; rev:5;)

Added 2011-05-26 22:27:20 UTC


# Earliest revision on this page. Candidate selection is the case-insensitive
# string "User-Agent: Java/1.6.0_" (|3a| is the colon) in the HTTP headers; the
# pcre then requires a first update digit of 0 or 1 followed by another digit,
# i.e. updates 00-19.
# The pcre itself is case-sensitive, unanchored, and leaves the dots in "1.6.0"
# unescaped.
# There is no threshold and no flowbits here, so each matching request can alert
# and no flow state is recorded.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.6.x Detected"; flow:established,to_server; content:"User-Agent|3a| Java/1.6.0_"; fast_pattern:only; nocase; http_header; pcre:"/Java\/1.6.0_[0-1][0-9]/"; classtype:bad-unknown; sid:2011582; rev:3;)

Added 2011-02-04 17:31:24 UTC

