""ET INFO Apache ActiveMQ Instance - Vulnerable to CVE-2023-46604 - Remote Instance""
SID: 2049008
Revision: 2
Class Type: misc-activity
Metadata: attack_target Server, created_at 2023_11_01, cve CVE_2023_46604, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Informational, updated_at 2023_11_03, reviewed_at 2023_11_03
Reference:
-
cve
-
2023-46604
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "|01|ActiveMQ" Depth: 9 Offset: 4
-
Value: "ProviderVersion"
-
Value: "5."
Within: 2
PCRE: "/^(?:1(?:(?:4.[012345]|[02].[012]|3.[01234]|1.[0123])|5.(?:[023456789]|1[012345])|6.[0123456]|7.[012345]|8.[012]|.0)|[02678].0|4.[0123]|3.[012]|5.[01]|9.[01])/R"
Special Options:
- fast_pattern