""ET EXPLOIT Selenium Server Grid Chrome 3.141.59 Remote Code Execution - Successful""
SID: 2052359
Revision: 1
Class Type: successful-admin
Metadata: attack_target Web_Server, tls_state TLSDecrypt, created_at 2024_05_02, deployment Perimeter, deployment Internal, confidence High, signature_severity Critical, updated_at 2024_05_02, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: any
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "500"
-
Value: "Server|3a 20|Jetty"
-
Value: "org|2e|openqa|2e|selenium|2e|WebDriverException|3a 20|unknown|20|error|3a 20|Chrome|20|failed|20|to|20|start|3a 20|exited|20|normally|2e|"
-
Value: "unknown|20|error|3a 20|DevToolsActivePort|20|file|20|doesn|27|t|20|exist|29 5c|n|20 20 28|The|20|process|20|started|20|from|20|chrome|20|location"
Within:
PCRE:
Special Options:
-
http_stat_code
-
http_header
-
file_data
-
fast_pattern