security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e91fc4486e57fc40e30d12253694de4c80a9e4ea
blue-team-tools/rules/web/web_cve_2020_14882_weblogic_exploit.yml
T
frack113 4631d0c482 remove invalid tag
2022-01-19 18:23:30 +01:00

30 lines
716 B
YAML
Raw Blame History

title: Oracle WebLogic Exploit CVE-2020-14882
id: 85d466b0-d74c-4514-84d3-2bdd3327588b
status: test
description: Detects exploitation attempts on WebLogic servers
author: Florian Roth
references:
- https://isc.sans.edu/diary/26734
- https://twitter.com/jas502n/status/1321416053050667009?s=20
- https://twitter.com/sudo_sudoka/status/1323951871078223874
date: 2020/11/02
modified: 2021/11/27
logsource:
category: webserver
detection:
selection:
c-uri|contains:
- '/console/images/%252E%252E%252Fconsole.portal'
- '/console/css/%2e'
condition: selection
fields:
- c-ip
- c-dns
falsepositives:
- Unknown
level: high
tags:
- attack.t1190
- attack.initial_access
- cve.2020.14882
Reference in New Issue View Git Blame Copy Permalink