HTTP: Atlassian JIRA Template Injection Code Execution

This signature detects attempts to exploit a known vulnerability in Atlassian JIRA. A successful attack can lead to arbitrary code execution.

Extended Description

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and SendBulkMail actions. An attacker can remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. The affected versions of Jira Server and Data Center are: from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3.

Affected Products

Atlassian jira_server

Short Name: HTTP:JIRA-CVE-2019-11581-RCE
Severity: Major
Recommended: True
Recommended Action: Drop
Category: HTTP
Keywords: Atlassian CVE-2019-11581 Code Execution Injection JIRA Template
Release Date: 08/01/2019
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3796
False Positive: Unknown
Vendors

Atlassian

CVSS Score

9.3