""ET WEB_SPECIFIC_APPS Apache RocketMQ 5.1.0 Arbitrary Code Injection in Broker Config (CVE-2023-33246)""

SID: 2047954

Revision: 1

Class Type: web-application-attack

Metadata: affected_product Apache_RocketMQ, attack_target Client_Endpoint, created_at 2023_09_07, cve CVE_2023_33246, deployment Perimeter, signature_severity Major, updated_at 2023_09_07

Reference:

• cve

• 2023-33246

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: [10909,10911]

Flow: established,to_client

Contents:

• Value: "rocketmqHome|3d 2d|c|20 24 40 7c|sh|20 2e 20|echo|20|"

• Value: "|3b|"

Within:

PCRE:

Special Options:

• fast_pattern

source