POLICY-OTHER Java User-Agent remote class download attempt
This rule logs attempts at Java class downloads with the User-Agent set as Java. These have been observed in successful exploits of Log4j for CVE-2021-44228 and CVE-2021-45046.
No public information
Known false positives, with the described conditions
This could potentially alert on known good legitimate traffic, so we did not turn this on in any policies. Please do not set this to drop traffic unless you do not wish for this behavior to be allowed. Thank you.
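A log-only check in the spirit of this rule, added here as an example and not the rule's actual Snort signature: it flags GET requests whose User-Agent starts with `Java/` and whose path ends in `.class`. The Combined Log Format input, the GET restriction and all sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed input: Combined Log Format lines from an egress proxy or web server.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
# Java's built-in HTTP client sends a User-Agent of the form "Java/<version>".
JAVA_UA_RE = re.compile(r'^Java/\d', re.IGNORECASE)


def is_java_class_download(method, target, user_agent):
    """True when a Java User-Agent issues a GET for a path ending in .class."""
    if method != "GET" or not JAVA_UA_RE.match(user_agent):
        return False
    path = urlsplit(target).path  # ignore query string and fragment
    return path.lower().endswith(".class")


def scan(lines):
    """Return (timestamp, source, target, status) per match. Log-only, no blocking."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # not in the expected format; skip rather than guess
        if is_java_class_download(m["method"], m["target"], m["ua"]):
            hits.append((m["ts"], m["src"], m["target"], int(m["status"])))
    return hits


# Constructed sample lines; hosts and addresses are documentation placeholders.
SAMPLE_LOG = [
    # Java client fetching a remote class: the pattern the rule logs.
    '10.0.0.5 - - [14/Dec/2021:10:01:02 +0000] "GET http://files.example.net/Foo.class HTTP/1.1" 200 1337 "-" "Java/1.8.0_181"',
    # Java client fetching a JAR: not a .class download.
    '10.0.0.6 - - [14/Dec/2021:10:02:10 +0000] "GET http://repo.example.org/lib/util.jar HTTP/1.1" 200 52110 "-" "Java/11.0.13"',
    # Browser fetching a .class file: User-Agent is not Java.
    '10.0.0.7 - - [14/Dec/2021:10:03:44 +0000] "GET http://intranet.example.com/applet/Clock.class HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    # Legitimate internal Java app loading a class: matches too (known false positive).
    '10.0.0.8 - - [14/Dec/2021:10:04:05 +0000] "GET http://intranet.example.com/app/Report.class?v=2 HTTP/1.1" 200 2048 "-" "Java/1.8.0_292"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for ts, src, target, status in scan(SAMPLE_LOG):
        print(f"{ts} {src} -> {target} [{status}]")
```

The fourth sample line shows why the match is only logged: a legitimate Java application loading a class over HTTP is indistinguishable on these two fields alone, so hits need triage by destination before any blocking decision.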
Cisco Talos Intelligence Group
https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html
https://twitter.com/mvelazco/status/1471527094609981443?s=21
No rule groups
N/A
Not Applicable
CVE-2021-44228
CVE-2021-45046
CVE-2021-45105
Tactic: Initial Access
Technique: Exploit Public-Facing Application
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org