Sid 1-50459

Report a false positive

Rule Category

FILE-JAVA -- Snort has detected traffic targeting vulnerabilities that are exploited in java files such as .class or .jar.

Alert Message

FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt

Rule Explanation

This event is generated when a compiled Java byte code file (CLASS file) which exploits CVE-2014-4262 is detected. Impact: Remote code execute in context of current user Details: Ease of Attack: Medium

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

CVE-2014-4262

Additional Links

www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Rule Vulnerability

CVE Additional Information

CVE-2014-4262
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Details
SeverityHIGH Base Score9.3
Impact Score10.0 Exploit Score8.6
Confidentiality ImpactCOMPLETE Integrity ImpactCOMPLETE
Availability ImpactCOMPLETE Access Vector
AuthenticationNONE Ease of Access

Affected Systems