HTTP: Sweet Orange Exploit Kit Landing Page in.php Base64 URI
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Extended Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.
Affected Products
Oracle jre
References
CVE: CVE-2010-0188
Short Name
HTTP:EK-SWEET-ORANGE-LP-URI
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Base64 CVE-2010-0188 CVE-2012-0422 CVE-2012-0431 CVE-2012-0607 CVE-2012-1723 CVE-2012-4681 CVE-2012-5076 CVE-2013-2423 Exploit Kit Landing Orange Page Sweet URI in.php
Release Date
10/15/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3700
False Positive
Unknown
Vendors
Opensuse
Oracle
Canonical
CVSS Score
9.3
10.0
4.3