Vendor
medium
threat
Unusual Child Process Execution from Linux Web Servers
2 rules 4 TTPsThis rule detects unusual child process executions originating from web server processes on Linux systems, which attackers may use to maintain persistence on a compromised system by exploiting web server vulnerabilities.
Jira +20
persistence
execution
command_and_control
initial_access
linux
webserver
2r
4t
medium
threat
Suspicious Command Execution via Web Server on Linux
2 rules 3 TTPsIdentifies suspicious command executions via a web server on Linux systems, which may suggest a vulnerability and remote shell access.
Elastic Defend +43
persistence
initial-access
vulnerability
linux
2r
3t
medium
advisory
Multiple Vulnerabilities in Apereo Java CAS Client
2 rules 1 TTP 1 IOCMultiple vulnerabilities have been discovered in Apereo Java CAS client versions prior to 4.1.1, potentially leading to data confidentiality breaches as detailed in the casc-jwt-vuln security bulletin.
Java CAS client
credential-access
java
2r
1t
1i