Product
medium
threat
Unusual Child Process Execution from Linux Web Servers
2 rules 4 TTPsThis rule detects unusual child process executions originating from web server processes on Linux systems, which attackers may use to maintain persistence on a compromised system by exploiting web server vulnerabilities.
Jira +20
persistence
execution
command_and_control
initial_access
linux
webserver
2r
4t
medium
threat
Suspicious Command Execution via Web Server on Linux
2 rules 3 TTPsIdentifies suspicious command executions via a web server on Linux systems, which may suggest a vulnerability and remote shell access.
Elastic Defend +43
persistence
initial-access
vulnerability
linux
2r
3t
medium
advisory
Apache Tomcat Security Bypass Vulnerability
2 rules 1 TTPA remote, anonymous attacker can exploit a vulnerability in Apache Tomcat to bypass security measures.
Tomcat
apache
security-bypass
2r
1t
high
advisory
OpenMRS ModuleResourcesServlet Path Traversal Vulnerability
2 rules 1 TTPOpenMRS Core versions 2.7.8 and earlier, as well as versions 2.8.0 through 2.8.5, contain a path traversal vulnerability in the ModuleResourcesServlet, allowing an unauthenticated attacker to read arbitrary files from the server filesystem by manipulating the URL.
Tomcat +2
path-traversal
information-disclosure
openmrs
2r
1t