""ET WEB_SPECIFIC_APPS Apache Flink Arbitrary File Read Attempt (CVE-2020-17519)""

SID: 2053042

Revision: 1

Class Type: attempted-recon

Metadata: affected_product Apache_Flink, attack_target Web_Server, tls_state plaintext, created_at 2024_05_30, cve CVE_2020_17519, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_05_30

Reference:

• Link

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HOME_NET

Destination Port: [$HTTP_PORTS,8081]

Flow: established,to_server

Contents:

• Value: "GET /jobmanager/logs/" Depth: 21

Within:

PCRE: "/^GET\x20\/jobmanager\/logs\/\x2e\x2e%252f/"

Special Options:

source