HTTP: Directory Traversal Detected on HTTP Accept Language Header

This signature detects attempts to exploit a known flaw involving the HTTP Accept-Language header. A successful attack can result in directory traversal.

Extended Description

An arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier, in the Stapler web framework's org/kohsuke/stapler/Stapler.java. It allows attackers to send crafted HTTP requests that return the contents of any file on the Jenkins master file system that the Jenkins master has access to.

Affected Products

Oracle communications_cloud_native_core_automated_test_suite

References

CVE: CVE-2018-1999002

Short Name: HTTP:DIR:HTTP-ACCEPT-LANG
Severity: Minor
Recommended: True
Recommended Action: Drop
Category: HTTP
Keywords: Accept CVE-2018-1999002 Detected Directory HTTP Header Language Traversal on
Release Date: 02/25/2015

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3590
False Positive: Unknown

Vendors

Oracle

Jenkins

CVSS Score

5.0
