1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Jenkins Xstream Java Library Deserialization Vulnerability RCE

Attack: Jenkins Xstream Java Library Deserialization Vulnerability RCE

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to execute arbitrary code on vulnerable installations of Jenkins Application Server. Authentication is not required to exploit this vulnerability.

Additional Information

Jenkins is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution. There are several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution.

Affected

  • Jenkins 1.637
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube