""ET EXPLOIT Oracle WebLogic JNDI Injection RCE Attempt (CVE-2021-2109)""
SID: 2031532
Revision: 3
Class Type: attempted-user
Metadata: affected_product Web_Server_Applications, attack_target Client_Endpoint, created_at 2021_01_20, cve CVE_2021_2109, deployment Perimeter, signature_severity Major, updated_at 2021_01_26, reviewed_at 2024_05_07
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_server
Contents:
-
Value: "GET|20|" Depth: 4
-
Value: "/consolejndi.portal?"
-
Value: "_pageLabel=JNDIBindingPageGeneral"
-
Value: "_nfpb=true"
-
Value: "JNDIBindingPortletHandle=com.bea.console.handles.JndiBindingHandle("
-
Value: "ldap|3a 2f 2f|"
-
Value: "|3b|AdminServer"
Within: 20
PCRE:
Special Options:
- fast_pattern