This alert is triggered when detecting an SMBv3 data compression response communication. SMBv3 is a network protocol used to provide shared access to files, printers, and other communication on a network. Data compression is the process of reducing the size of data files for storage by finding and eliminating redundancy in data. This alert may be triggered when an adversary is attempting to exploit a vulnerability in the SMBv3 Data compression process.
This alert is triggered when detecting an attempt to access the VxWorks Debug Service. VxWorks is a real-time operating system (RTOS) developed by Wind River Systems. The debug service in VxWorks is a feature used by developers for troubleshooting and optimization; however, it can disclose sensitive information if it's improperly secured. This alert may be triggered when an adversary is attempting to exploit the VxWorks Debug Service by sending crafted packets to port 17185 in order to extract sensitive information, such as configuration data or operational details of the targeted device.
This alert is triggered when detecting an attempt to access the web console of a JBoss application server. The JBoss web console is a graphical user interface provided by JBoss Application Server for managing and monitoring the server and its applications. This alert may be triggered when an adversary is attempting to exploit known vulnerabilities in the JBoss web console, such as CVE-2007-1036 and CVE-2013-2185. These vulnerabilities can allow unauthorized remote code execution and administrative access.
This alert is triggered when detecting an attempt to download or transfer the EICAR test file. The EICAR test string is used to test the responsiveness of computer antivirus programs. It poses no security risk but triggers antivirus software in the same manner as a real virus. This alert may be triggered when an adversary is attempting to test the effectiveness or presence of an antivirus solution on a system by trying to download or transfer the EICAR test string.
These alerts are triggered when detecting the injection of malicious Object-Graph Navigation Language (OGNL) expressions in an HTTP request. OGNL is an expression language used by the Apache Struts framework. These alerts are triggered when an adversary is attempting to gain unauthorized access or execute malicious commands on the server by exploiting the following vulnerabilities CVE-2018-11776, CVE-2013-2134, and CVE-2013-2135.
This alert is triggered when detecting an attempt to access the JMXInvokerServlet in the JBoss application server. JBoss JMXInvokerServlet is a component of JBoss Application Server that provides access to the JMX (Java Management Extensions) console, enabling users to manage and monitor resources in a Java Virtual Machine (JVM). This alert may be triggered when an adversary is attempting to exploit known vulnerabilities in the JBoss JMXInvokerServlet, such as CVE-2007-1036 and CVE-2013-2185. These vulnerabilities can allow unauthorized remote code execution and administrative access.
These alerts are triggered when detecting an attempt to exploit the Bash Shellshock vulnerability via CGI scripts on a web server. The Bash Shellshock vulnerability is a severe security flaw in the Unix Bash shell that, when exploited, allows an attacker to execute arbitrary commands on a vulnerable system, potentially gaining unauthorized access or control.
These alerts are triggered when detecting an attempt to exploit the Bash Shellshock vulnerability via CGI scripts on a web server. The Bash Shellshock vulnerability is a severe security flaw in the Unix Bash shell that, when exploited, allows an attacker to execute arbitrary commands on a vulnerable system, potentially gaining unauthorized access or control.
This alert is triggered when detecting an attempt to access the Adobe ColdFusion administration interface. Adobe ColdFusion is a powerful web application development platform. This alert may be triggered when an adversary is attempting to gain unauthorized access to the ColdFusion admin interface.
These alerts are triggered when detecting an attempt to exploit the Bash Shellshock vulnerability via CGI scripts on a web server. The Bash Shellshock vulnerability is a severe security flaw in the Unix Bash shell that, when exploited, allows an attacker to execute arbitrary commands on a vulnerable system, potentially gaining unauthorized access or control.