SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt
This rule alerts from an expression language injection into an URI of a target running Java. This looks for banned imports in Struts that could be used maliciously to run code on a target.
This rule alerts from an expression language injection into an URI of a target running Java.
Attacks/Scans seen in the wild
No known false positives
Cisco Talos Intelligence Group
MITRE::ATT&CK Framework::Enterprise::Initial Access::Exploit Public-Facing Application
Insecure Deserialization
Insecure Deserialization relates to web application security. Applications turn an object into data through serialization; the reverse of that process, deserialization, can be vulnerable to attacks when the application trusts the data that is being deserialized. Serialized data is machine readable and not encrypted; serialized user-supplied data should not be trusted. Deserialization attacks can lead to remote code execution.
CVE-2022-26134 |
Loading description
|
Tactic: Initial Access
Technique: Exploit Public-Facing Application
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
