Versions (2)
Version Details
Current
Rev: 5 • May 10, 2019, 12:00 PM
ET WEB_SPECIFIC_APPS Jenkins RCE CVE-2019-1003000
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jenkins RCE CVE-2019-1003000"; flow:established,to_server; http.method; content:"POST"; depth:4; endswith; http.uri; content:"config.xml"; endswith; http.request_body; content:"|3c|script|3e 0a|"; content:"import|20|org|2e|buildobjects|2e|process|2e|ProcBuilder"; distance:0; fast_pattern; content:"|40|Grab|28 27|org|2e|buildobjects|3a|jproc|3a|"; distance:0; content:"|27 29 0a|"; within:12; content:"print|20|new|20|ProcBuilder|28 22 2f|"; distance:0; content:"|22 29 2e|run|28 29|"; within:200; content:"|2e|getOutputString|28|"; within:18; content:"|3c 2f|script|3e|"; within:30; reference:url,github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc; classtype:web-application-attack; sid:2027346; rev:5; metadata:attack_target Server, created_at 2019_05_10, cve CVE_2019_100300, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2020_11_19;)
May 10, 2019, 12:00 PM
Nov 19, 2020, 12:00 PM
May 10, 2019, 12:00 PM
May 31, 2024, 9:00 PM
rules/emerging-web_specific_apps.rules