ET WEB_SPECIFIC_APPS Jenkins RCE CVE-2019-1003000

7.0.35.0SID: 2027346Rev: 6Enabled6 views
Sourceet/open
Fileemerging-web_specific_apps.rules
CreatedMay 10, 2019
UpdatedApril 13, 2024
Classificationweb-application-attack
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jenkins RCE CVE-2019-1003000"; flow:established,to_server; http.method; content:"POST"; startswith; endswith; http.uri; content:"config.xml"; endswith; http.request_body; content:"|3c|script|3e 0a|"; content:"import|20|org|2e|buildobjects|2e|process|2e|ProcBuilder"; distance:0; fast_pattern; content:"|40|Grab|28 27|org|2e|buildobjects|3a|jproc|3a|"; distance:0; content:"|27 29 0a|"; within:12; content:"print|20|new|20|ProcBuilder|28 22 2f|"; distance:0; content:"|22 29 2e|run|28 29|"; within:200; content:"|2e|getOutputString|28|"; within:18; content:"|3c 2f|script|3e|"; within:30; reference:url,github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc; classtype:web-application-attack; sid:2027346; rev:6; metadata:attack_target Server, created_at 2019_05_10, cve CVE_2019_100300, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2024_04_13;)

Metadata

attack targetServer
created at2019_05_10
deploymentPerimeter
performance impactLow
signature severityMajor
updated at2024_04_13

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!