Versions (5)
Version DetailsCurrent
Rev: 3 • Feb 21, 2018, 12:00 PMET WEB_SPECIFIC_APPS Possible Jenkins CLI RCE (CVE-2017-1000353)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible Jenkins CLI RCE (CVE-2017-1000353)"; flow:to_server,established; http.method; content:"POST"; nocase; http.uri; content:"/cli"; depth:4; http.header; content:"Side|3a 20|upload"; http.request_body; content:"JENKINS REMOTING CAPACITY]===>rO0ABXNyABpodWRzb24ucmVtb3RpbmcuQ2FwYWJ"; fast_pattern; reference:url,blogs.securiteam.com/index.php/archives/3171; reference:cve,2017-1000353; reference:url,research.checkpoint.com/jenkins-miner-one-biggest-mining-operations-ever-discovered/; classtype:attempted-user; sid:2025376; rev:3; metadata:created_at 2018_02_21, cve CVE_2017_100035, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_08_24;)
Feb 21, 2018, 12:00 PM
Aug 24, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 29, 2025, 9:34 PM
rules/emerging-web_specific_apps.rules