SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Atlassian Jira ContactAdministrators and SendBulkMail template injection remote code execution attempt
This event is generated when an attacker attempts to exploit a template injection vulnerability in Atlassian's Jira and Data Server.
Attempted User Privilege Gain
This rule checks for attempts to exploit a template injection vulnerability in Atlassian's Jira and Data Server via either the ContactAdministrators form or the SendBulkMail form.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2019-11581There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
||Ease of Access||LOW