SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Oracle WebLogic Server command injection attempt
This rule looks for command injection parameters within web requests to Oracle WebLogic servers.
What To Look For
This rule fires when an attempt to exploit CVE-2020-14882 targeting Oracle WebLogic servers is detected.
Attacks/Scans seen in the wild
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
Tactic: Initial Access
Technique: Exploit Public-Facing Application
For reference, see the MITRE ATT&CK vulnerability types here:
Command Injection attacks target applications that allow unsafe user-supplied input. Attackers transmit this input via forms, cookies, HTTP headers, etc. and exploit the applications permissions to execute system commands without injecting code.
CVE Additional Information