SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
This rule looks for the Java class and method org.apache.commons.lang3.event.EventUtils$EventBindingInvocationHandler that is used to bypass the NextGen Healthcare Mirth Connect denylist in order to execute Java code.
This rule fires on attempts to execute arbitrary Java code on NextGen Healthcare Mirth Connect web applications.
Attacks/Scans seen in the wild
No known false positives
Cisco Talos Intelligence Group
MITRE::ATT&CK Framework::Enterprise::Initial Access::Exploit Public-Facing Application
Insecure Deserialization
Insecure Deserialization relates to web application security. Applications turn an object into data through serialization; the reverse of that process, deserialization, can be vulnerable to attacks when the application trusts the data that is being deserialized. Serialized data is machine readable and not encrypted; serialized user-supplied data should not be trusted. Deserialization attacks can lead to remote code execution.
CVE-2023-43208 |
Loading description
|
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
