# sid:2027711 rev:3 - flags an attempted template-injection RCE against the Atlassian
# JIRA ContactAdministrators form (CVE-2019-11581), per the rule's msg and references.
# Request: established client-to-server POST whose URI contains
#   "/secure/ContactAdministrators" (the fast_pattern) and ".jspa" with no byte after
#   it (isdataat:!1,relative), i.e. the inspected URI has to end at ".jspa".
#   NOTE(review): confirm that URIs with trailing data are meant to be out of scope.
# Body: after "subject=", the literals .forName, java.lang.Runtime, .getMethod,
#   getRuntime, .exec and .waitFor must appear in that order. The distance/within
#   pairs allow a gap of at most six bytes before java.lang.Runtime, .getMethod and
#   getRuntime; .exec and .waitFor may follow at any later offset (distance:0).
# Triage: these are literal byte matches on http_client_body, and the rule only looks
#   at the request (to_server, classtype attempted-admin). A hit means the payload
#   was sent, not that it executed; check the JIRA version against the Atlassian
#   advisory in the reference keyword before escalating.
# Differs from rev:2 only in the added reference:cve keyword and the rev number.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Atlassian JIRA Template Injection RCE (CVE-2019-11581)"; flow:established,to_server; content:"POST"; http_method; content:"/secure/ContactAdministrators"; http_uri; fast_pattern; content:".jspa"; http_uri; isdataat:!1,relative; content:"subject="; http_client_body; content:"|2e|forName"; http_client_body; distance:0; content:"java.lang.Runtime"; http_client_body; distance:2; within:23; content:"|2e|getMethod"; http_client_body; distance:2; within:16; content:"getRuntime"; http_client_body; distance:1; within:16; content:"|2e|exec"; http_client_body; distance:0; content:"|2e|waitFor"; http_client_body; distance:0; metadata: former_category WEB_SPECIFIC_APPS; reference:url,medium.com/@ruvlol/rce-in-jira-cve-2019-11581-901b845f0f; reference:url,confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html; reference:cve,CVE-2019-11581; classtype:attempted-admin; sid:2027711; rev:3; metadata:attack_target Web_Server, deployment Perimeter, signature_severity Major, created_at 2019_07_15, performance_impact Low, updated_at 2019_07_15;)

Added 2019-07-16 19:45:18 UTC


# sid:2027711 rev:2 - earlier revision of the Atlassian JIRA ContactAdministrators
# template-injection rule (CVE-2019-11581 per the msg). It carries the two
# reference:url keywords but no reference:cve keyword.
# Request: established client-to-server POST whose URI contains
#   "/secure/ContactAdministrators" (the fast_pattern) and ends at ".jspa"
#   (isdataat:!1,relative).
# Body: after "subject=", the literals .forName, java.lang.Runtime, .getMethod,
#   getRuntime, .exec and .waitFor must appear in that order, with a gap of at most
#   six bytes before java.lang.Runtime, .getMethod and getRuntime.
# Triage: the rule matches the request only; a hit does not show that the target was
#   vulnerable or that a command ran.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Atlassian JIRA Template Injection RCE (CVE-2019-11581)"; flow:established,to_server; content:"POST"; http_method; content:"/secure/ContactAdministrators"; http_uri; fast_pattern; content:".jspa"; http_uri; isdataat:!1,relative; content:"subject="; http_client_body; content:"|2e|forName"; http_client_body; distance:0; content:"java.lang.Runtime"; http_client_body; distance:2; within:23; content:"|2e|getMethod"; http_client_body; distance:2; within:16; content:"getRuntime"; http_client_body; distance:1; within:16; content:"|2e|exec"; http_client_body; distance:0; content:"|2e|waitFor"; http_client_body; distance:0; metadata: former_category WEB_SPECIFIC_APPS; reference:url,medium.com/@ruvlol/rce-in-jira-cve-2019-11581-901b845f0f; reference:url,confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html; classtype:attempted-admin; sid:2027711; rev:2; metadata:attack_target Web_Server, deployment Perimeter, signature_severity Major, created_at 2019_07_15, performance_impact Low, updated_at 2019_07_15;)

Added 2019-07-15 19:05:23 UTC


