[Silicon Defense logo]

SnortSnarf signature page

SERVER-ORACLE Oracle WebLogic Server remote command execution attempt

SnortSnarf v021111.1

Signature section (111)Top 20 source IPsTop 20 dest IPs

53 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 03:57:21.406655 on 03/31/2018
Latest such alert at 06:29:50.292311 on 05/21/2018

SERVER-ORACLE Oracle WebLogic Server remote command execution attempt 51 sources 1 destinations
Priority: 1Classification: Attempted Administrator Privilege Gain
[sid:45304] [BUGTRAQ:97884][Xref => http://www.securityfocus.com/bid/101304]

Sources triggering this attack signature

Source# Alerts (sig)# Alerts (total)# Dsts (sig)# Dsts (total)
118.24.158.592211
45.119.82.1002211
58.20.50.971111
47.98.162.1491111
119.254.111.1231111
47.91.235.281111
36.41.187.1621111
218.3.142.1361111
181.143.85.2501111
110.249.215.1371111
218.69.91.181111
119.29.148.611111
49.51.69.111111
118.97.147.2031111
125.35.11.301111
116.113.80.541111
54.164.169.391111
80.13.134.1081111
187.190.22.471111
140.143.196.1581111
190.14.242.2431111
123.206.73.381111
103.9.88.2041111
140.143.242.951111
47.52.167.1741111
184.188.136.1941111
123.206.87.1291111
118.24.13.461111
111.231.227.1841111
118.24.18.1931111
192.144.139.951111
119.27.186.141111
183.131.217.2051111
119.27.170.271111
96.64.233.1451111
91.239.194.91111
186.136.228.71111
111.230.64.2491111
185.229.226.1851111
117.205.6.1171111
140.143.136.2361111
218.76.158.2031111
122.112.214.951111
150.109.69.831111
121.31.21.1341111
119.27.181.1951111
50.254.129.691111
114.118.1.1301111
111.231.133.721111
120.77.36.711111
59.33.174.1621111

Destinations receiving this attack signature

Destinations# Alerts (sig)# Alerts (total)# Srcs (sig)# Srcs (total)
192.168.0.37531075175

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Mon May 21 15:01:01 2018