SID 1:37860

Report a false positive

Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt

Rule Explanation

There is a Java Library Commons Collection which is vulnerable to reading serialized data without verification of where it came from. So, if a service is open to communication using serialized objects, an attacker is able to substitute in a maliciously crafted serialized object in an established conversation. Impact: Attempted User Privilege Gain Details: Ease of Attack:

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2015-3253 CVE-2015-4852 CVE-2015-7450 CVE-2015-8103 CVE-2016-0638 CVE-2016-4385 CVE-2017-15708

Additional Links

foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#weblogic
github.com/frohoff/ysoserial

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2015-3253
 Loading description
CVE-2015-4852
 Loading description
CVE-2015-7450
 Loading description
CVE-2015-8103
 Loading description
CVE-2016-0638
 Loading description
CVE-2016-4385
 Loading description
CVE-2017-15708
 Loading description