HTTP: Atlassian HipChat Plugin Template Injection Remote Code Execution

This signature detects attempts to exploit a known vulnerability against Atlassian Jira. A successful attack can lead to arbitrary code execution.

Extended Description

The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."

Affected Products

Atlassian hipchat

References

CVE: CVE-2015-5603

Short Name
HTTP:CTS:ATLASN-HIPCHAT-RCE
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Atlassian CVE-2015-5603 Code Execution HipChat Injection Plugin Remote Template
Release Date
03/03/2020
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Unknown
Vendors

Atlassian

CVSS Score

6.5

Found a potential security threat?