[Snort-sigs] JBoss RMI download service directory listing sig

Jon Hart jhart at ...288...
Fri Jun 2 19:01:04 EDT 2006


8083 is the default JBoss RMI download service port.  It is debatable
whether or not to change 8083 to $HTTP_PORTS.


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8083 (msg:"JBoss RMI class download service directory listing attempt"; flow:to_server,established; content:"GET %. HTTP/1."; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=111911095424496&w=2; classtype:web-application-attack; sid:123456890; rev:1;)


-jon



