HTTP: Jenkins XStream Command Injection

This signature detects attempts to exploit a known vulnerability in the Jenkins CI server: command injection through deserialization of XML objects. Versions 1.649 and prior are vulnerable to this command injection attack. On successful exploitation, attackers can execute commands on the application server.

Extended Description

Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.

Affected Products

Jenkins jenkins

Short Name
HTTP:JENKINS-XSTREAM-EXEC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2016-0792 Command Injection Jenkins XStream
Release Date
04/13/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors
Jenkins
Redhat
CVSS Score
9.0
