Rule Category

SERVER-APACHE -- Snort has detected traffic exploiting vulnerabilities in Apache servers.

Alert Message

SERVER-APACHE Apache Tomcat open redirect attempt

Rule Explanation

This rule looks for a malicious open redirect pattern sent to a vulnerable Apache Tomcat server. The pattern causes a redirection to an existing non-public resource on the server, which would expose that resource to an attacker.

What To Look For

This rule looks for a malicious open redirect attempt.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic: Defense Evasion

Technique: Hidden Files and Directories

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

Additional Links

Rule Vulnerability

Information Leak

Information Leakage happens when an attacker manipulates a system into revealing sensitive information, either through malformed input or by taking advantage of another feature of the system.

CVE Additional Information