SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER Apache Log4j SocketServer insecure deserialization remote code execution attempt
Remote code execution when deserializing data through the SocketServer class.
This rule alerts when an attacker attempts to exploit a remote command execution vulnerability in Apache Log4j that occurs when untrusted data is deserialized in the SocketServer class.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2019-17571
Tactic: Initial Access
Technique: Exploit Public-Facing Application
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org