{"attackName":"00000056","attackStatus":"OPEN","attackSource":"UNKNOWN","attackOutcome":"EXPLOITED","attackTypes":"{LOG4J}","eventTrigger":"127.0.0.1","environment":"astronomy-shop-us","service":"ad","lastDetected":"2026-05-07 04:37:30.000661 +0000 UTC","attackEvents":[{"attackOutcome":"EXPLOITED","attackTypes":"LOG4J","blocked":false,"blockedReason":"","clientAddress":"","clientAddressType":0,"clientPort":"36684","cveId":"029ee2bb-3dd8-4b44-b115-b290a6fb9e3c","detailJson":{"classname":"java.net.SocketPermission","ptype":"SOCKET","socketOut":"127.0.0.1:1389","methodName":"java.base/java.net.Socket.connect","socketAddr":"127.0.0.1","apiServerExternal":true,"socketFromLog4j":true},"environment":"astronomy-shop-us","eventType":"SOCKET_RESOLVE","jvmId":"e71be045-28a4-4159-b1f4-b90d3e8d0a13","keyInfo":"127.0.0.1","maliciousIpOut":"","maliciousIpSource":"","maliciousIpSourceOut":"","matchedCveName":"CVE-2021-44228","serverAddress":"172.18.0.3","serverName":"Unknown","serverPort":"8080","service":"ad","serviceId":"0c4acf0c-99ef-40e9-b771-b1e778e4f409","stackTrace":"java.base/java.net.Socket.connect(Unknown Source)\njava.base/java.net.Socket.\u003cinit\u003e(Unknown Source)\njava.base/javax.net.DefaultSocketFactory.createSocket(Unknown Source)\njava.naming/com.sun.jndi.ldap.Connection.createConnectionSocket(Unknown Source)\njava.naming/com.sun.jndi.ldap.Connection.createSocket(Unknown Source)\njava.naming/com.sun.jndi.ldap.Connection.\u003cinit\u003e(Unknown Source)\njava.naming/com.sun.jndi.ldap.LdapClient.\u003cinit\u003e(Unknown Source)\njava.naming/com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source)\njava.naming/com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)\njava.naming/com.sun.jndi.ldap.LdapCtx.\u003cinit\u003e(Unknown Source)\njava.naming/com.sun.jndi.url.ldap.ldapURLContextFactory.getUsingURLIgnoreRootDN(Unknown Source)\njava.naming/com.sun.jndi.url.ldap.ldapURLContext.getRootURLContext(Unknown Source)\njava.naming/com.sun.jndi.toolkit.url.GenericURLContext.lookup(Unknown Source)\njava.naming/com.sun.jndi.url.ldap.ldapURLContext.lookup(Unknown Source)\njava.naming/javax.naming.InitialContext.lookup(Unknown Source)\norg.apache.logging.log4j.core.net.JndiManager.lookup(JndiManager.java:172)\norg.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:56)\norg.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:198)\norg.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:1060)\norg.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:982)\norg.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:878)\norg.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:433)\norg.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:132)\norg.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:38)\norg.apache.logging.log4j.core.layout.PatternLayout$PatternSerializer.toSerializable(PatternLayout.java:341)\norg.apache.logging.log4j.core.layout.PatternLayout.toText(PatternLayout.java:240)\norg.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:225)\norg.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:59)\norg.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.directEncodeEvent(AbstractOutputStreamAppender.java:197)\norg.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.tryAppend(AbstractOutputStreamAppender.java:190)\norg.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.append(AbstractOutputStreamAppender.java:181)\norg.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:156)\norg.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:129)\norg.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:120)\norg.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)\norg.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:543)\norg.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:502)\norg.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:485)\norg.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:460)\norg.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)\norg.apache.logging.log4j.core.Logger.log(Logger.java:162)\norg.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2190)\norg.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2144)\norg.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2127)\norg.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003)\norg.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1975)\norg.apache.logging.log4j.spi.AbstractLogger.error(AbstractLogger.java:732)\njava.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\njava.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)\njava.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)\njava.base/java.lang.reflect.Method.invoke(Unknown Source)\ncom.appd.e2e.JavaSecureAppTestApp$LoginServlet.doGet(JavaSecureAppTestApp.java:373)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:687)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:790)\norg.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)\norg.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:554)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)\norg.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)\norg.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)\norg.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)\norg.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)\norg.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)\norg.eclipse.jetty.server.Server.handle(Server.java:516)\norg.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)\norg.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)\norg.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)\norg.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)\norg.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)\norg.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)\norg.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)\norg.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)\norg.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)\njava.base/java.lang.Thread.run(Unknown Source)\n","timestamp":"2026-05-07T04:37:30.00066Z","vulnerabilityInfo":{"cvePublishDate":"2021-12-10T10:10:01Z","cvssScore":10,"cvssSeverity":"CRITICAL","cveNvdUrl":"https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720","incidentFirstDetected":"2026-04-28T02:38:01Z","kennaScore":100,"library":"org.apache.logging.log4j:log4j-core","title":"Remote Code Execution (RCE)","type":"java","kennaActiveInternetBreach":true,"kennaEasilyExploitable":true,"kennaMalwareExploitable":true,"kennaPredictedExploitable":true,"kennaPopularTarget":true},"vulnerableMethod":"org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:56)","webTransactionUrl":"http://localhost:8080/api/v1/auth/login"}]}
{"attackName":"00000055","attackStatus":"OPEN","attackSource":"UNKNOWN","attackOutcome":"EXPLOITED","attackTypes":"{SQL}","eventTrigger":"SELECT * FROM users WHERE name = '' OR *=* --'","environment":"astronomy-shop-us","service":"ad","lastDetected":"2026-05-07 03:59:53.000108 +0000 UTC","attackEvents":[{"attackOutcome":"EXPLOITED","attackTypes":"SQL","blocked":false,"blockedReason":"","clientAddress":"","clientAddressType":0,"clientPort":"37499","cveId":"00000000-0000-0000-0000-000000000000","detailJson":{"name":"Non Parameterized SQL Query detected","sql":"SELECT * FROM users WHERE name = '' OR *=* --'","sqlSignals":{"containsComment":true,"containsOrTrue":true}},"environment":"astronomy-shop-us","eventType":"SQL_NONPARAM","jvmId":"e71be045-28a4-4159-b1f4-b90d3e8d0a13","keyInfo":"SELECT * FROM users WHERE name = '' OR *=* --'","maliciousIpOut":"","maliciousIpSource":"","maliciousIpSourceOut":"","matchedCveName":"","serverAddress":"172.18.0.3","serverName":"Unknown","serverPort":"8080","service":"ad","serviceId":"0c4acf0c-99ef-40e9-b771-b1e778e4f409","stackTrace":"org.h2.jdbc.JdbcStatement.executeQuery(JdbcStatement.java)\ncom.appd.e2e.JavaSecureAppTestApp$UserSearchServlet.doGet(JavaSecureAppTestApp.java:341)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:687)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:790)\norg.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)\norg.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:554)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)\norg.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)\norg.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)\norg.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)\norg.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)\norg.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)\norg.eclipse.jetty.server.Server.handle(Server.java:516)\norg.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)\norg.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)\norg.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)\norg.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)\norg.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)\norg.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)\norg.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)\norg.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)\norg.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)\njava.base/java.lang.Thread.run(Unknown Source)\n","timestamp":"2026-05-07T03:59:53.000108Z","vulnerabilityInfo":null,"vulnerableMethod":"","webTransactionUrl":"http://localhost:8080/api/v1/users/search"}]}
{"attackName":"00000054","attackStatus":"OPEN","attackSource":"UNKNOWN","attackOutcome":"EXPLOITED","attackTypes":"{SSRF}","eventTrigger":"169.254.169.254","environment":"astronomy-shop-us","service":"ad","lastDetected":"2026-05-07 03:29:50.000918 +0000 UTC","attackEvents":[{"attackOutcome":"EXPLOITED","attackTypes":"SSRF","blocked":false,"blockedReason":"","clientAddress":"","clientAddressType":0,"clientPort":"35426","cveId":"00000000-0000-0000-0000-000000000000","detailJson":{"classname":"java.net.SocketPermission","ptype":"SOCKET","socketOut":"169.254.169.254:80","methodName":"java.base/sun.net.www.http.HttpClient.openServer","socketAddr":"169.254.169.254","apiServerExternal":true,"apiToMetadataServer":true},"environment":"astronomy-shop-us","eventType":"SOCKET_RESOLVE","jvmId":"e71be045-28a4-4159-b1f4-b90d3e8d0a13","keyInfo":"169.254.169.254","maliciousIpOut":"","maliciousIpSource":"","maliciousIpSourceOut":"","matchedCveName":"","serverAddress":"172.18.0.3","serverName":"Unknown","serverPort":"8080","service":"ad","serviceId":"0c4acf0c-99ef-40e9-b771-b1e778e4f409","stackTrace":"java.base/sun.net.www.http.HttpClient.openServer(Unknown Source)\njava.base/sun.net.www.http.HttpClient.\u003cinit\u003e(Unknown Source)\njava.base/sun.net.www.http.HttpClient.New(Unknown Source)\njava.base/sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)\njava.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)\njava.base/sun.net.www.protocol.http.HttpURLConnection$6.run(Unknown Source)\njava.base/java.security.AccessController.doPrivileged(Unknown Source)\njava.base/java.security.AccessController.doPrivilegedWithCombiner(Unknown Source)\njava.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)\njava.base/sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)\njava.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)\njava.base/sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)\njava.base/java.security.AccessController.doPrivileged(Unknown Source)\njava.base/java.security.AccessController.doPrivilegedWithCombiner(Unknown Source)\njava.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)\njava.base/java.net.HttpURLConnection.getResponseCode(Unknown Source)\ncom.appd.e2e.JavaSecureAppTestApp$LinkPreviewServlet.doGet(JavaSecureAppTestApp.java:312)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:687)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:790)\norg.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)\norg.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:554)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)\norg.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)\norg.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)\norg.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)\norg.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)\norg.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)\norg.eclipse.jetty.server.Server.handle(Server.java:516)\norg.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)\norg.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)\norg.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)\norg.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)\norg.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)\norg.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)\norg.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)\norg.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)\norg.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)\njava.base/java.lang.Thread.run(Unknown Source)\n","timestamp":"2026-05-07T03:29:50.000917Z","vulnerabilityInfo":null,"vulnerableMethod":"","webTransactionUrl":"http://localhost:8080/api/v1/links/preview"}]}
{"attackName":"00000053","attackStatus":"OPEN","attackSource":"UNKNOWN","attackOutcome":"EXPLOITED","attackTypes":"{RCE}","eventTrigger":"/bin/echo convert-document","environment":"astronomy-shop-us","service":"ad","lastDetected":"2026-05-07 02:59:50.000764 +0000 UTC","attackEvents":[{"attackOutcome":"EXPLOITED","attackTypes":"RCE","blocked":false,"blockedReason":"","clientAddress":"","clientAddressType":0,"clientPort":"22941","cveId":"0a5b6a6c-16e6-4f53-99dd-9fa369580817","detailJson":{"classname":"java.io.FilePermission","ptype":"EXECUTE","command":"/bin/echo convert-document","workingDir":"/app/.","methodName":"java.base/java.lang.ProcessBuilder.start"},"environment":"astronomy-shop-us","eventType":"EXECUTE","jvmId":"e71be045-28a4-4159-b1f4-b90d3e8d0a13","keyInfo":"/bin/echo convert-document","maliciousIpOut":"","maliciousIpSource":"","maliciousIpSourceOut":"","matchedCveName":"CVE-2017-5638","serverAddress":"172.18.0.3","serverName":"Unknown","serverPort":"8080","service":"ad","serviceId":"0c4acf0c-99ef-40e9-b771-b1e778e4f409","stackTrace":"java.base/java.lang.ProcessBuilder.start(Unknown Source)\ncom.appd.e2e.JavaSecureAppTestApp$RceThrowable.getMessage(JavaSecureAppTestApp.java:290)\norg.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.buildErrorMessage(JakartaMultiPartRequest.java:123)\ncom.appd.e2e.JavaSecureAppTestApp$VulnMultiPartRequest.triggerRce(JavaSecureAppTestApp.java:280)\ncom.appd.e2e.JavaSecureAppTestApp$DocumentConvertServlet.doGet(JavaSecureAppTestApp.java:254)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:687)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:790)\norg.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)\norg.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:554)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)\norg.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)\norg.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)\norg.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)\norg.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)\norg.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)\norg.eclipse.jetty.server.Server.handle(Server.java:516)\norg.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)\norg.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)\norg.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)\norg.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)\norg.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)\norg.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)\norg.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)\norg.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)\norg.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)\njava.base/java.lang.Thread.run(Unknown Source)\n","timestamp":"2026-05-07T02:59:50.000764Z","vulnerabilityInfo":{"cvePublishDate":"2017-03-21T15:30:44Z","cvssScore":10,"cvssSeverity":"CRITICAL","cveNvdUrl":"https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30207","incidentFirstDetected":"2026-04-28T02:38:01Z","kennaScore":100,"library":"org.apache.struts:struts2-core","title":"Arbitrary Code Execution","type":"java","kennaActiveInternetBreach":true,"kennaEasilyExploitable":true,"kennaMalwareExploitable":true,"kennaPredictedExploitable":true,"kennaPopularTarget":false},"vulnerableMethod":"org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.buildErrorMessage(JakartaMultiPartRequest.java:123)","webTransactionUrl":"http://localhost:8080/api/v1/documents/convert"}]}
{"attackName":"00000052","attackStatus":"OPEN","attackSource":"UNKNOWN","attackOutcome":"EXPLOITED","attackTypes":"{DESEREAL}","eventTrigger":"org.apache.commons.fileupload.disk.DiskFileItem","environment":"astronomy-shop-us","service":"ad","lastDetected":"2026-05-07 01:51:56.000796 +0000 UTC","attackEvents":[{"attackOutcome":"EXPLOITED","attackTypes":"DESEREAL","blocked":false,"blockedReason":"","clientAddress":"","clientAddressType":0,"clientPort":"60270","cveId":"5015a4ac-630d-4de0-9680-ad6abfc87b6a","detailJson":{"classname":"org.apache.commons.fileupload.disk.DiskFileItem"},"environment":"astronomy-shop-us","eventType":"CLASS_DESERIAL","jvmId":"e71be045-28a4-4159-b1f4-b90d3e8d0a13","keyInfo":"org.apache.commons.fileupload.disk.DiskFileItem","maliciousIpOut":"","maliciousIpSource":"","maliciousIpSourceOut":"","matchedCveName":"CVE-2020-1714","serverAddress":"172.18.0.3","serverName":"Unknown","serverPort":"8080","service":"ad","serviceId":"0c4acf0c-99ef-40e9-b771-b1e778e4f409","stackTrace":"java.base/java.io.ObjectInputStream.resolveClass(Unknown Source)\njava.base/java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)\njava.base/java.io.ObjectInputStream.readClassDesc(Unknown Source)\njava.base/java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)\njava.base/java.io.ObjectInputStream.readObject0(Unknown Source)\njava.base/java.io.ObjectInputStream.readObject(Unknown Source)\norg.keycloak.common.util.KerberosSerializationUtils.deserialize(KerberosSerializationUtils.java:115)\norg.keycloak.common.util.KerberosSerializationUtils.deserializeCredential(KerberosSerializationUtils.java:74)\ncom.appd.e2e.JavaSecureAppTestApp$SessionImportServlet.doGet(JavaSecureAppTestApp.java:398)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:687)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:790)\norg.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)\norg.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:554)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)\norg.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)\norg.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)\norg.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)\norg.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)\norg.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)\norg.eclipse.jetty.server.Server.handle(Server.java:516)\norg.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)\norg.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)\norg.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)\norg.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)\norg.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)\norg.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)\norg.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)\norg.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)\norg.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)\njava.base/java.lang.Thread.run(Unknown Source)\n","timestamp":"2026-05-07T01:51:56.000796Z","vulnerabilityInfo":{"cvePublishDate":"2020-05-13T16:12:27Z","cvssScore":7.5,"cvssSeverity":"HIGH","cveNvdUrl":"https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-568921","incidentFirstDetected":"2026-04-28T02:38:01Z","kennaScore":27.5046,"library":"org.keycloak:keycloak-common","title":"Remote Code Execution (RCE)","type":"java","kennaActiveInternetBreach":false,"kennaEasilyExploitable":true,"kennaMalwareExploitable":false,"kennaPredictedExploitable":false,"kennaPopularTarget":false},"vulnerableMethod":"org.keycloak.common.util.KerberosSerializationUtils.deserialize(KerberosSerializationUtils.java:115)","webTransactionUrl":"http://localhost:8080/api/v1/sessions/import"}]}
{"attackName":"00000051","attackStatus":"OPEN","attackSource":"UNKNOWN","attackOutcome":"EXPLOITED","attackTypes":"{LOG4J}","eventTrigger":"127.0.0.1","environment":"astronomy-shop-us","service":"ad","lastDetected":"2026-05-07 01:21:56.000593 +0000 UTC","attackEvents":[{"attackOutcome":"EXPLOITED","attackTypes":"LOG4J","blocked":false,"blockedReason":"","clientAddress":"","clientAddressType":0,"clientPort":"32034","cveId":"029ee2bb-3dd8-4b44-b115-b290a6fb9e3c","detailJson":{"classname":"java.net.SocketPermission","ptype":"SOCKET","socketOut":"127.0.0.1:1389","methodName":"java.base/java.net.Socket.connect","socketAddr":"127.0.0.1","apiServerExternal":true,"socketFromLog4j":true},"environment":"astronomy-shop-us","eventType":"SOCKET_RESOLVE","jvmId":"e71be045-28a4-4159-b1f4-b90d3e8d0a13","keyInfo":"127.0.0.1","maliciousIpOut":"","maliciousIpSource":"","maliciousIpSourceOut":"","matchedCveName":"CVE-2021-44228","serverAddress":"172.18.0.3","serverName":"Unknown","serverPort":"8080","service":"ad","serviceId":"0c4acf0c-99ef-40e9-b771-b1e778e4f409","stackTrace":"java.base/java.net.Socket.connect(Unknown Source)\njava.base/java.net.Socket.\u003cinit\u003e(Unknown Source)\njava.base/javax.net.DefaultSocketFactory.createSocket(Unknown Source)\njava.naming/com.sun.jndi.ldap.Connection.createConnectionSocket(Unknown Source)\njava.naming/com.sun.jndi.ldap.Connection.createSocket(Unknown Source)\njava.naming/com.sun.jndi.ldap.Connection.\u003cinit\u003e(Unknown Source)\njava.naming/com.sun.jndi.ldap.LdapClient.\u003cinit\u003e(Unknown Source)\njava.naming/com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source)\njava.naming/com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)\njava.naming/com.sun.jndi.ldap.LdapCtx.\u003cinit\u003e(Unknown Source)\njava.naming/com.sun.jndi.url.ldap.ldapURLContextFactory.getUsingURLIgnoreRootDN(Unknown Source)\njava.naming/com.sun.jndi.url.ldap.ldapURLContext.getRootURLContext(Unknown Source)\njava.naming/com.sun.jndi.toolkit.url.GenericURLContext.lookup(Unknown Source)\njava.naming/com.sun.jndi.url.ldap.ldapURLContext.lookup(Unknown Source)\njava.naming/javax.naming.InitialContext.lookup(Unknown Source)\norg.apache.logging.log4j.core.net.JndiManager.lookup(JndiManager.java:172)\norg.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:56)\norg.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:198)\norg.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:1060)\norg.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:982)\norg.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:878)\norg.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:433)\norg.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:132)\norg.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:38)\norg.apache.logging.log4j.core.layout.PatternLayout$PatternSerializer.toSerializable(PatternLayout.java:341)\norg.apache.logging.log4j.core.layout.PatternLayout.toText(PatternLayout.java:240)\norg.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:225)\norg.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:59)\norg.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.directEncodeEvent(AbstractOutputStreamAppender.java:197)\norg.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.tryAppend(AbstractOutputStreamAppender.java:190)\norg.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.append(AbstractOutputStreamAppender.java:181)\norg.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:156)\norg.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:129)\norg.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:120)\norg.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)\norg.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:543)\norg.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:502)\norg.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:485)\norg.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:460)\norg.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)\norg.apache.logging.log4j.core.Logger.log(Logger.java:162)\norg.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2190)\norg.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2144)\norg.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2127)\norg.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003)\norg.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1975)\norg.apache.logging.log4j.spi.AbstractLogger.error(AbstractLogger.java:732)\njava.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\njava.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)\njava.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)\njava.base/java.lang.reflect.Method.invoke(Unknown Source)\ncom.appd.e2e.JavaSecureAppTestApp$LoginServlet.doGet(JavaSecureAppTestApp.java:373)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:687)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:790)\norg.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)\norg.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:554)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)\norg.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)\norg.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)\norg.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)\norg.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)\norg.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)\norg.eclipse.jetty.server.Server.handle(Server.java:516)\norg.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)\norg.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)\norg.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)\norg.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)\norg.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)\norg.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)\norg.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)\norg.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)\norg.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)\njava.base/java.lang.Thread.run(Unknown Source)\n","timestamp":"2026-05-07T01:21:56.000593Z","vulnerabilityInfo":{"cvePublishDate":"2021-12-10T10:10:01Z","cvssScore":10,"cvssSeverity":"CRITICAL","cveNvdUrl":"https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720","incidentFirstDetected":"2026-04-28T02:38:01Z","kennaScore":100,"library":"org.apache.logging.log4j:log4j-core","title":"Remote Code Execution (RCE)","type":"java","kennaActiveInternetBreach":true,"kennaEasilyExploitable":true,"kennaMalwareExploitable":true,"kennaPredictedExploitable":true,"kennaPopularTarget":true},"vulnerableMethod":"org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:56)","webTransactionUrl":"http://localhost:8080/api/v1/auth/login"}]}
{"attackName":"00000050","attackStatus":"OPEN","attackSource":"UNKNOWN","attackOutcome":"EXPLOITED","attackTypes":"{SQL}","eventTrigger":"SELECT * FROM users WHERE name = '' OR *=* --'","environment":"astronomy-shop-us","service":"ad","lastDetected":"2026-05-07 00:49:55.000775 +0000 UTC","attackEvents":[{"attackOutcome":"EXPLOITED","attackTypes":"SQL","blocked":false,"blockedReason":"","clientAddress":"","clientAddressType":0,"clientPort":"27606","cveId":"00000000-0000-0000-0000-000000000000","detailJson":{"name":"Non Parameterized SQL Query detected","sql":"SELECT * FROM users WHERE name = '' OR *=* --'","sqlSignals":{"containsComment":true,"containsOrTrue":true}},"environment":"astronomy-shop-us","eventType":"SQL_NONPARAM","jvmId":"e71be045-28a4-4159-b1f4-b90d3e8d0a13","keyInfo":"SELECT * FROM users WHERE name = '' OR *=* --'","maliciousIpOut":"","maliciousIpSource":"","maliciousIpSourceOut":"","matchedCveName":"","serverAddress":"172.18.0.3","serverName":"Unknown","serverPort":"8080","service":"ad","serviceId":"0c4acf0c-99ef-40e9-b771-b1e778e4f409","stackTrace":"org.h2.jdbc.JdbcStatement.executeQuery(JdbcStatement.java)\ncom.appd.e2e.JavaSecureAppTestApp$UserSearchServlet.doGet(JavaSecureAppTestApp.java:341)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:687)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:790)\norg.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)\norg.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:554)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)\norg.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)\norg.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)\norg.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)\norg.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)\norg.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)\norg.eclipse.jetty.server.Server.handle(Server.java:516)\norg.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)\norg.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)\norg.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)\norg.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)\norg.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)\norg.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)\norg.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)\norg.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)\norg.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)\njava.base/java.lang.Thread.run(Unknown Source)\n","timestamp":"2026-05-07T00:49:55.000775Z","vulnerabilityInfo":null,"vulnerableMethod":"","webTransactionUrl":"http://localhost:8080/api/v1/users/search"}]}
{"attackName":"00000049","attackStatus":"OPEN","attackSource":"UNKNOWN","attackOutcome":"EXPLOITED","attackTypes":"{SSRF}","eventTrigger":"169.254.169.254","environment":"astronomy-shop-us","service":"ad","lastDetected":"2026-05-07 00:19:53.000646 +0000 UTC","attackEvents":[{"attackOutcome":"EXPLOITED","attackTypes":"SSRF","blocked":false,"blockedReason":"","clientAddress":"","clientAddressType":0,"clientPort":"30188","cveId":"00000000-0000-0000-0000-000000000000","detailJson":{"classname":"java.net.SocketPermission","ptype":"SOCKET","socketOut":"169.254.169.254:80","methodName":"java.base/sun.net.www.http.HttpClient.openServer","socketAddr":"169.254.169.254","apiServerExternal":true,"apiToMetadataServer":true},"environment":"astronomy-shop-us","eventType":"SOCKET_RESOLVE","jvmId":"e71be045-28a4-4159-b1f4-b90d3e8d0a13","keyInfo":"169.254.169.254","maliciousIpOut":"","maliciousIpSource":"","maliciousIpSourceOut":"","matchedCveName":"","serverAddress":"172.18.0.3","serverName":"Unknown","serverPort":"8080","service":"ad","serviceId":"0c4acf0c-99ef-40e9-b771-b1e778e4f409","stackTrace":"java.base/sun.net.www.http.HttpClient.openServer(Unknown Source)\njava.base/sun.net.www.http.HttpClient.\u003cinit\u003e(Unknown Source)\njava.base/sun.net.www.http.HttpClient.New(Unknown Source)\njava.base/sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)\njava.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)\njava.base/sun.net.www.protocol.http.HttpURLConnection$6.run(Unknown Source)\njava.base/java.security.AccessController.doPrivileged(Unknown Source)\njava.base/java.security.AccessController.doPrivilegedWithCombiner(Unknown Source)\njava.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)\njava.base/sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)\njava.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)\njava.base/sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)\njava.base/java.security.AccessController.doPrivileged(Unknown Source)\njava.base/java.security.AccessController.doPrivilegedWithCombiner(Unknown Source)\njava.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)\njava.base/java.net.HttpURLConnection.getResponseCode(Unknown Source)\ncom.appd.e2e.JavaSecureAppTestApp$LinkPreviewServlet.doGet(JavaSecureAppTestApp.java:312)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:687)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:790)\norg.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)\norg.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:554)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)\norg.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)\norg.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)\norg.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)\norg.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)\norg.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)\norg.eclipse.jetty.server.Server.handle(Server.java:516)\norg.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)\norg.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)\norg.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)\norg.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)\norg.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)\norg.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)\norg.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)\norg.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)\norg.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)\njava.base/java.lang.Thread.run(Unknown Source)\n","timestamp":"2026-05-07T00:19:53.000646Z","vulnerabilityInfo":null,"vulnerableMethod":"","webTransactionUrl":"http://localhost:8080/api/v1/links/preview"}]}
{"attackName":"00000048","attackStatus":"OPEN","attackSource":"UNKNOWN","attackOutcome":"EXPLOITED","attackTypes":"{RCE}","eventTrigger":"/bin/echo convert-document","environment":"astronomy-shop-us","service":"ad","lastDetected":"2026-05-06 23:49:53.000408 +0000 UTC","attackEvents":[{"attackOutcome":"EXPLOITED","attackTypes":"RCE","blocked":false,"blockedReason":"","clientAddress":"","clientAddressType":0,"clientPort":"47402","cveId":"0a5b6a6c-16e6-4f53-99dd-9fa369580817","detailJson":{"classname":"java.io.FilePermission","ptype":"EXECUTE","command":"/bin/echo convert-document","workingDir":"/app/.","methodName":"java.base/java.lang.ProcessBuilder.start"},"environment":"astronomy-shop-us","eventType":"EXECUTE","jvmId":"e71be045-28a4-4159-b1f4-b90d3e8d0a13","keyInfo":"/bin/echo convert-document","maliciousIpOut":"","maliciousIpSource":"","maliciousIpSourceOut":"","matchedCveName":"CVE-2017-5638","serverAddress":"172.18.0.3","serverName":"Unknown","serverPort":"8080","service":"ad","serviceId":"0c4acf0c-99ef-40e9-b771-b1e778e4f409","stackTrace":"java.base/java.lang.ProcessBuilder.start(Unknown Source)\ncom.appd.e2e.JavaSecureAppTestApp$RceThrowable.getMessage(JavaSecureAppTestApp.java:290)\norg.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.buildErrorMessage(JakartaMultiPartRequest.java:123)\ncom.appd.e2e.JavaSecureAppTestApp$VulnMultiPartRequest.triggerRce(JavaSecureAppTestApp.java:280)\ncom.appd.e2e.JavaSecureAppTestApp$DocumentConvertServlet.doGet(JavaSecureAppTestApp.java:254)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:687)\njavax.servlet.http.HttpServlet.service(HttpServlet.java:790)\norg.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)\norg.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:554)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)\norg.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)\norg.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)\norg.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)\norg.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)\norg.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)\norg.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)\norg.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)\norg.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)\norg.eclipse.jetty.server.Server.handle(Server.java:516)\norg.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)\norg.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)\norg.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)\norg.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)\norg.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)\norg.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)\norg.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)\norg.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)\norg.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)\norg.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)\norg.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:137)\norg.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)\norg.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)\njava.base/java.lang.Thread.run(Unknown Source)\n","timestamp":"2026-05-06T23:49:53.000408Z","vulnerabilityInfo":{"cvePublishDate":"2017-03-21T15:30:44Z","cvssScore":10,"cvssSeverity":"CRITICAL","cveNvdUrl":"https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30207","incidentFirstDetected":"2026-04-28T02:38:01Z","kennaScore":100,"library":"org.apache.struts:struts2-core","title":"Arbitrary Code Execution","type":"java","kennaActiveInternetBreach":true,"kennaEasilyExploitable":true,"kennaMalwareExploitable":true,"kennaPredictedExploitable":true,"kennaPopularTarget":false},"vulnerableMethod":"org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.buildErrorMessage(JakartaMultiPartRequest.java:123)","webTransactionUrl":"http://localhost:8080/api/v1/documents/convert"}]}