#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Java Exploit Attempt Request for .id from octal host"; flow:established,to_server; content:".id|20|HTTP/1.1|0d 0a|"; fast_pattern; content:"|20|Java/"; http_header; content:"Host|3a 20|"; pcre:"/Host\x3a \d{4,}[^A-Za-z\.]/D"; reference:url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/; reference:cve,CVE-2010-4452; classtype:trojan-activity; sid:2012628; rev:4;)

Added 2012-06-22 00:48:42 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Java Exploit Attempt Request for .id from octal host"; flow:established,to_server; content:".id|20|HTTP/1.1|0d 0a|"; fast_pattern; content:"|20|Java/"; http_header; content:"Host|3a 20|"; pcre:"/Host\x3a \d{4,}[^A-Za-z\.]+/D"; reference:url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/; reference:cve,CVE-2010-4452; classtype:trojan-activity; sid:2012628; rev:3;)

Added 2011-11-16 19:57:11 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Java Exploit Attempt Request for .id from octal host"; flow:established,to_server; content:".id|20|HTTP/1.1|0d 0a|"; fast_pattern; content:"|20|Java/"; http_header; content:"Host|3a 20|"; pcre:"/Host\x3a \d{4,}[^A-Za-z\.]+/D"; reference:url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/; reference:cve,CVE-2010-4452; classtype:trojan-activity; sid:2012628; rev:3;)

Added 2011-10-12 19:34:49 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Java Exploit Attempt Request for .id from octal host"; flow:established,to_server; content:".id|20|HTTP/1.1|0d 0a|"; fast_pattern; content:"|20|Java/"; http_header; content:"Host|3a 20|"; pcre:"/Host\x3a \d{4,}[^A-Za-z\.]+/D"; classtype:trojan-activity; reference:url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/; reference:cve,CVE-2010-4452; sid:2012628; rev:3;)

Added 2011-09-21 19:26:27 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Java Exploit Attempt Request for .id from octal host"; flow:established,to_server; content:".id|20|HTTP/1.1|0d 0a|"; fast_pattern; content:"|20|Java/"; http_header; content:"Host|3a 20|"; pcre:"/Host\x3a \d{4,}[^A-Za-z\.]+/D"; classtype:trojan-activity; sid:2012628; rev:2;)

Added 2011-04-20 16:13:11 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Java Exploit Attempt Request for .id from octal host"; flow:established,to_server; content:".id|20|HTTP/1.1|0d 0a|"; fast_pattern; content:"|20|Java/"; http_header; content:"Host|3a 20|"; pcre:"/Host\x3a \d{4,}[^A-Za-z\.]+/D"; classtype:trojan-activity; sid:2012628; rev:2;)

Added 2011-04-05 14:30:36 UTC


Topic revision: r1 - 2012-06-22 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats