Create CVE-2013-0422.yar

0c1678fb · mmorenog · GitHub · 2d5a2b0b · 0c1678fb
Commit 0c1678fb authored Jul 06, 2016 by mmorenog Committed by GitHub Jul 06, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 0 deletions

CVE-2013-0422.yar CVE_Rules/CVE-2013-0422.yar +21 -0

No files found.
--- a/CVE_Rules/CVE-2013-0422.yar
+++ b/CVE_Rules/CVE-2013-0422.yar
+rule CVE_2013_0422
+{
+        meta:
+                description = "Java Applet JMX Remote Code Execution"
+                cve = "CVE-2013-0422"
+                ref = "http://pastebin.com/JVedyrCe"
+                author = "adnan.shukor@gmail.com"
+                date = "12-Jan-2013"
+                version = "1"
+                impact = 4
+                hide = false
+        strings:
+                $0422_1 = "com/sun/jmx/mbeanserver/JmxMBeanServer" fullword
+                $0422_2 = "com/sun/jmx/mbeanserver/JmxMBeanServerBuilder" fullword
+                $0422_3 = "com/sun/jmx/mbeanserver/MBeanInstantiator" fullword
+                $0422_4 = "findClass" fullword
+                $0422_5 = "publicLookup" fullword
+                $class = /sun\.org\.mozilla\.javascript\.internal\.(Context|GeneratedClassLoader)/ fullword 
+        condition:
+                (all of ($0422_*)) or (all of them)
+}