valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
10726bbb1f
SigmaHQ/rules/web/web_cve_2020_14882_weblogic_exploit.yml
frack113 c2302a15da fix cve tags
2021-08-24 10:10:45 +02:00

32 lines
897 B
YAML
Raw Blame History

title: Oracle WebLogic Exploit CVE-2020-14882
id: 85d466b0-d74c-4514-84d3-2bdd3327588b
status: experimental
description: Detects exploitation attempts on WebLogic servers
author: Florian Roth
date: 2020/11/02
modified: 2020/11/04
references:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14882
- https://isc.sans.edu/diary/26734
- https://twitter.com/jas502n/status/1321416053050667009?s=20
- https://twitter.com/sudo_sudoka/status/1323951871078223874
- https://nvd.nist.gov/vuln/detail/cve-2020-14882
logsource:
category: webserver
detection:
selection:
c-uri|contains:
- '/console/images/%252E%252E%252Fconsole.portal'
- '/console/css/%2e'
condition: selection
fields:
- c-ip
- c-dns
falsepositives:
- Unknown
level: high
tags:
- attack.t1100 # an old one
- attack.t1190
- attack.initial_access
Reference in New Issue View Git Blame Copy Permalink