|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-06-18 | |
| Rule Name: | JAVA WebSocket Type MemoryShell Detection - Base64 Encoding | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Memory shell is a type of malicious code that resides entirely in memory without being written to disk. It can perform actions such as command execution and data transmission while evading traditional file-based detection. This rule is designed to detect WebSocket type JAVA Memory shells encoded in Base64. | |
| Impact: | Memory shell can be used for remote command execution, file manipulation, and data exfiltration, posing a significant security threat. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| 1. Filter and escape user input to ensure that it does not contain malicious Java code. 2. Use safe apis and functions to execute code. Avoid directly concatenating user input into code. 3. Conduct regular security audits and tests to find potential code injection vulnerabilities and fix them in time. |