SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP VMWare Cloud Director Java expression language injection attempt
This rule looks for the use of getDeclaredConstructors to execute arbitrary commands on a host running VMWare Cloud Director through Java Expression Language injection.
This rule alerts on exploit traffic sent to a potential victim.
Public information/Proof of Concept available
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2020-3956 |
Loading description
|
Tactic: Execution
Technique: Execution through API
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org