Update weblogic-t3-detect.yaml

2024-05-07 19:10:46 +05:30 · 2024-05-07 19:10:46 +05:30 · 12f90d5f74
parent bf53ee0d10
commit 12f90d5f74
1 changed files with 9 additions and 23 deletions
--- a/network/detection/weblogic-t3-detect.yaml
+++ b/network/detection/weblogic-t3-detect.yaml
@ -6,24 +6,20 @@ info:
  severity: info
  description: |
    T3 is the protocol used to transport information between WebLogic servers and other types of Java programs.
+  impact: |
+    May indicate potential exposure to Weblogic T3 Protocol vulnerabilities
+  remediation: |
+    Ensure proper configuration and security measures are in place for Weblogic T3 Protocol
  metadata:
    max-request: 2
  tags: network,weblogic,detect,t3,oracle
+
 tcp:
  - inputs:
-      - data: "t3 12.2.1
-
-          AS:255
-
-          HL:19
-
-          MS:10000000
-
-          PU:t3://us-l-breens:7001
-
-          \n"
+      - data: "t3 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n"
    host:
      - "{{Hostname}}"
+    port: 7001
    read-size: 1024
    matchers:
      - type: word
@ -38,20 +34,11 @@ tcp:
          - "HELO:(.*).false"

  - inputs:
-      - data: "t3s 12.2.1
-
-          AS:255
-
-          HL:19
-
-          MS:10000000
-
-          PU:t3://us-l-breens:7001
-
-          \n"
+      - data: "t3s 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n"
    host:
      - "tls://{{Hostname}}"
    read-size: 1024
+    port: 7002
    matchers:
      - type: word
        words:
@ -63,4 +50,3 @@ tcp:
        group: 1
        regex:
          - "HELO:(.*).false"
-# digest: 4b0a004830460221008e4fc5512e10a4bac580826b8cb65a981a9ef61b55f63c6f892cf0dde4b500a8022100e08f41e4f5d99713ff8e920b11a1fdfa70f7b1f5f5d0a2df25aa91bf69a010df:922c64590222798bb761d5b6d8e72950