""ET EXPLOIT Possible 2012-1533 altjvm RCE via JNLP command injection""
SID: 2017013
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2013_06_13, cve CVE_2012_1533, updated_at 2013_06_13, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services
Reference:
-
cve
-
2012-1533
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,from_server
Contents:
-
Value: "<jnlp"
-
Value: "initial-heap-size"
-
Value: "max-heap-size"
-
Value: "-XXaltjvm"
Within:
PCRE:
Special Options:
-
file_data
-
nocase
-
nocase
-
nocase