Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:DIR:HTTP-ACCEPT-LANG
Severity	Minor
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Directory Traversal Detected on HTTP Accept Language Header
Release Date	2015/02/25
Update Number	2470
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Directory Traversal Detected on HTTP Accept Language Header

This signature detects attempts to exploit a known flaw in HTTP accept-language header. A successful attack can result in directory traversal attacks.

Extended Description

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.

Affected Products

Jenkins jenkins 2.121.1
Jenkins jenkins 2.122
Jenkins jenkins 2.123
Jenkins jenkins 2.124
Jenkins jenkins 2.125
Jenkins jenkins 2.126
Jenkins jenkins 2.127
Jenkins jenkins 2.128
Jenkins jenkins 2.129
Jenkins jenkins 2.130
Jenkins jenkins 2.131
Jenkins jenkins 2.132

References

CVE: CVE-2018-1999002

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Directory Traversal Detected on HTTP Accept Language Header

Extended Description

Affected Products

References