""ET EXPLOIT Oracle Weblogic Server Deserialization RCE T3 (CVE-2015-4852)""
SID: 2035204
Revision: 1
Class Type: attempted-admin
Metadata: created_at 2022_02_15, cve CVE_2015_4852, updated_at 2022_02_15
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: [$HOME_NET,$HTTP_SERVERS]
Destination Port: any
Flow: established,to_server
Contents:
-
Value: "|00 00|" Depth: 2
-
Value: "|01 65|"
-
Value: "|ac ed 00|"
-
Value: "weblogic.rjvm.ClassTableEntry"
Within: 2
PCRE:
Special Options:
- fast_pattern