Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web-based applications on servers.

Alert Message

SERVER-WEBAPP Jenkins CLI arbitrary Java object deserialization attempt

Rule Explanation

This event is generated when a serialized Java object is sent to the Jenkins CLI.

Impact: Attempted Administrator Privilege Gain

Details: A Java object deserialization vulnerability exists in the Jenkins CLI interface. This event is triggered when a serialized Java object is sent to the interface.

Ease of Attack:

What To Look For

No information provided

Known Usage

No public information

False Positives

Known false positives, with the described conditions

Non-malicious serialized Java objects

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

CVE-2016-9299
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.
Details
Severity Base Score: 9.8
Impact Score: 5.9
Exploit Score: 3.9
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Attack Vector: NETWORK
Scope: UNCHANGED
User Interaction: NONE
Authentication Ease of Access: LOW
Privileges Required: NONE