Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP Jenkins Stapler web framework Accept-Language Header directory traversal attempt

Rule Explanation

This event is generated when an attacker attempts to exploit a directory traversal vulnerability in the Jenkins Stapler web framework by supplying path traversal sequences in the Accept-Language HTTP header.
Impact: Web Application Attack
Details:
Ease of Attack:
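As an added illustration (not the Talos rule itself, whose content this page does not reproduce), the following Python checks raw HTTP requests for the condition the explanation describes: a path traversal sequence in the Accept-Language header, including percent-encoded and double-encoded forms that a naive string match would miss. The sample requests, the `jenkins.example` host and the `/static/resource` path are constructed for the demonstration and are not taken from any exploit.

```python
"""Added example: scan raw HTTP requests for directory-traversal sequences in
the Accept-Language header, the condition described in the rule explanation.
This is illustrative detection logic, not the Talos rule; all sample requests
below are constructed for the demonstration."""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote

# "../" or "..\" (or a trailing "..") after percent-decoding; %2e%2e%2f and
# the double-encoded %252e%252e%252f both normalise to this.
TRAVERSAL_RE = re.compile(r"\.\.(?:[/\\]|$)")


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing, bounded so that
    pathological input cannot keep the loop busy."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_request(raw: str) -> Tuple[str, Dict[str, str]]:
    """Split a raw HTTP/1.x request head into the request line and a
    lower-cased header map (a repeated header keeps its last value)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, val = line.partition(":")
        if sep:
            headers[name.strip().lower()] = val.strip()
    return lines[0], headers


def accept_language_traversal(raw: str) -> Optional[Dict[str, str]]:
    """Return a finding when Accept-Language carries a traversal sequence
    (after decoding), otherwise None."""
    request_line, headers = parse_request(raw)
    lang = headers.get("accept-language")
    if lang is None:
        return None
    decoded = decode_fully(lang)
    if not TRAVERSAL_RE.search(decoded):
        return None
    return {"request_line": request_line,
            "accept_language": lang,
            "decoded": decoded}


def scan(requests: List[str]) -> List[Dict[str, str]]:
    """Run the check over many requests and collect the findings."""
    return [f for f in map(accept_language_traversal, requests) if f]


# Constructed sample traffic: one benign request and three traversal attempts
# (plain, percent-encoded, double-encoded). Host and path are placeholders.
SAMPLE_REQUESTS = [
    "GET /static/resource HTTP/1.1\r\nHost: jenkins.example\r\n"
    "Accept-Language: en-US,en;q=0.9\r\n\r\n",
    "GET /static/resource HTTP/1.1\r\nHost: jenkins.example\r\n"
    "Accept-Language: ../../../../etc/passwd\r\n\r\n",
    "GET /static/resource HTTP/1.1\r\nHost: jenkins.example\r\n"
    "accept-language: %2e%2e%2f%2e%2e%2fetc%2fpasswd\r\n\r\n",
    "GET /static/resource HTTP/1.1\r\nHost: jenkins.example\r\n"
    "Accept-Language: %252e%252e%252fetc%252fpasswd\r\n\r\n",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
```

The benign request produces no finding; the three attempts are reported with the decoded header value, which is the form worth logging alongside the raw header when triaging an alert.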

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

CVE-2018-1999002
An arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.
Details
Severity Base Score: 7.5
Impact Score: 3.6
Exploit Score: 3.9
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Attack Vector: NETWORK
Scope: UNCHANGED
User Interaction: NONE
Authentication:
Ease of Access: LOW
Privileges Required: NONE