CVE-2002-2006 Exploitation Attempt

Detects attempts to expose sensitive information via servlets.

Sigma rule

```yaml
title: CVE-2002-2006 Exploitation Attempt
id: b9afe036-a7a5-4c7e-ad3e-2a04c361b355
status: experimental
description: Detecting the attempt of Sensitive Information exposure via servlets
references:
    - https://www.securityfocus.com/bid/4575/exploit
author: Loginsoft Research Unit
date: 2020/07/10
logsource:
    product: Tomcat
    category: webserver
detection:
    selection:
        c-uri:
            - '/examples/servlet/SnoopServlet'
            - '/examples/servlet/TroubleShooter'
        sc-status:
            - 200
            - 404
    condition: selection
falsepositives:
  - Unknown
level: medium
```
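To check what the rule's selection does and does not flag before deploying it, the following added example (not part of the original rule or the author's code) applies the same condition to constructed access log lines. It assumes the Tomcat AccessLogValve "common" pattern and that `c-uri` is mapped to the request path without the query string; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Values copied from the rule's selection block (lowercased for comparison).
RULE_URIS = {"/examples/servlet/snoopservlet", "/examples/servlet/troubleshooter"}
RULE_STATUSES = {200, 404}

# Assumed log layout: AccessLogValve "common" pattern (%h %l %u %t "%r" %s %b).
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: \S+)?" (?P<status>\d{3}) \S+$'
)

def parse_line(line):
    """Return the fields the rule needs, or None for an unparseable line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Assumption: c-uri is mapped to the request path, without the query string.
    path = urlsplit(m.group("target")).path
    return {"host": m.group("host"), "c-uri": path, "sc-status": int(m.group("status"))}

def matches_rule(event):
    """selection: c-uri is one of the listed values AND sc-status is 200 or 404."""
    # Sigma compares plain string values case-insensitively.
    return event["c-uri"].lower() in RULE_URIS and event["sc-status"] in RULE_STATUSES

def scan(lines):
    """Yield parsed events that satisfy the rule's condition."""
    for line in lines:
        event = parse_line(line)
        if event and matches_rule(event):
            yield event

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jul/2020:12:00:01 +0000] "GET /examples/servlet/SnoopServlet HTTP/1.1" 200 1832',
    '192.0.2.10 - - [10/Jul/2020:12:00:02 +0000] "GET /examples/servlet/TroubleShooter HTTP/1.1" 404 1010',
    '198.51.100.7 - - [10/Jul/2020:12:00:05 +0000] "GET /examples/servlet/SnoopServlet HTTP/1.1" 403 -',
    '198.51.100.7 - - [10/Jul/2020:12:00:09 +0000] "GET /index.jsp HTTP/1.1" 200 512',
    'not an access log line',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["host"], hit["c-uri"], hit["sc-status"])
```

The 403 line is not flagged because the rule lists only 200 and 404 under `sc-status`; if the servlets sit behind access controls that return other codes, those requests need a separate selection.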
