""ET WEB_SPECIFIC_APPS Oracle WebLogic RCE Shell Inbound M2 (CVE-2020-14882)""
SID: 2031147
Revision: 3
Class Type: attempted-user
Metadata: affected_product Web_Server_Applications, attack_target Client_Endpoint, created_at 2020_10_30, cve CVE_2020_14882, deployment Perimeter, signature_severity Major, updated_at 2022_05_03, reviewed_at 2024_05_07
Reference:
-
cve
-
2020-14883
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: any
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "/console/images/%252E%252E%252Fconsole.portal?_nfpb=true&_pageLabel="
-
Value: "com.tangosol.coherence.mvel2.sh.ShellSession("
-
Value: "com.tangosol.coherence.mvel2.sh.ShellSession("
-
Value: "java.lang.Runtime.getRuntime("
-
Value: ".exec"
Within: 75
PCRE:
Special Options:
-
http_raw_uri
-
http_raw_uri
-
http_uri
-
fast_pattern
-
http_uri
-
http_uri