""ET INFO Possible [401TRG] GhostCat LFI Successful Exploit (CVE-2020-1938)""
SID: 2046149
Revision: 2
Class Type: attempted-admin
Metadata: affected_product Apache_Tomcat, attack_target Web_Server, created_at 2023_06_07, cve CVE_2020_1938, deployment Perimeter, confidence Medium, signature_severity Major, updated_at 2023_06_08, reviewed_at 2024_01_26
Reference:
Protocol: tcp
Source Network: [$HOME_NET,$HTTP_SERVERS]
Source Port: 8009
Destination Network: any
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "|3c 3f|xml|20|version|3d 22|"
-
Value: "Licensed|20|to|20|the|20|Apache|20|Software|20|Foundation|20 28|ASF|29 20|under|20|one|20|or|20|more|0a 20 20|contributor|20|license|20|agreements|2e|"
-
Value: "The|20|ASF|20|licenses|20|this|20|file|20|to|20|You|20|under|20|the|20|Apache|20|License|2c 20|Version"
-
Value: "aee/web-app_"
-
Value: "_"
-
Value: "|2e|xsd|22|"
-
Value: "|3c|display|2d|name|3e|"
-
Value: "|3c 2f|display|2d|name|3e|"
-
Value: "|3c|description|3e|"
Within: 1
PCRE:
Special Options:
- fast_pattern