iSID Analyst Knowledge Base

Definitions, and additional context on iSID alerts along with helpful recommendations

Category: Server-Other

(35 Alerts)

SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt

This alert is triggered when an attempt to exploit CVE-2016-6304, a denial of service vulnerability in OpenSSL's handling of the OCSP Status Request extension, is identified. The attempt is indicated by a high volume of OCSP (Online Certificate Status Protocol) status requests sent to an internal server over HTTP.

SERVER-OTHER Apache Log4j logging remote code execution attempt

The alert detects attempts to exploit the Apache Log4j vulnerability for remote code execution. The rule matches on HTTP requests containing the string ${jndi: in the URI. The rule generates an alert when such traffic is detected flowing towards the server on an established connection. This rule helps to identify potential attempts to exploit the known Apache Log4j vulnerabilities and can aid in mitigating the risks associated with this critical security issue.

SERVER-OTHER Oracle GoldenGate arbitrary file write attempt

The alert detects attempts to exploit an arbitrary file write vulnerability in Oracle GoldenGate. The rule looks for specific content patterns in the TCP payload that may indicate an attempt to exploit the vulnerability. This rule helps to identify potential exploits targeting the mentioned vulnerability.
