"ET EXPLOIT [401TRG] GhostCat LFI Attempt Inbound (CVE-2020-1938)"
SID: 2029533
Revision: 3
Class Type: attempted-admin
Metadata: affected_product Apache_Tomcat, attack_target Web_Server, created_at 2020_02_25, cve CVE_2020_1938, deployment Perimeter, signature_severity Major, updated_at 2023_06_08
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $HOME_NET
Destination Port: 8009
Flow: established,to_server
Contents:
- Value: "|12 34|" Depth: 2
- Value: "|00 08|HTTP/1.1|00|"
- Value: "javax.servlet.include.path_info|00|"
- Value: "javax.servlet.include.request_uri|00|"
- Value: "javax.servlet.include.servlet_path|00|"
Within:
PCRE:
Special Options:
- nocase