Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Update Details

Security Intelligence Center
Print

Update #3096 (09/04/2018)

1 new signature:

MEDIUMHTTP:JENKINS-CVE-2018-1999001PBHTTP: Jenkins CI Server getOrCreate Policy Bypass

4 updated signatures:

LOWSCAN:AMAP:SAP-R3-ON-SSHSCAN: THC-AMAP SAP-R3 on SSH Scan
INFOCHAT:AIM:FILE-SENDAIM: Client File Send
LOWHTTP:STC:VULN:OUTLOOK-XSRFHTTP: Microsoft Outlook Web Access Cross Site Request Forgery
INFOCHAT:AIM:FILE-GETAIM: Client File Receive


Details of the signatures included within this bulletin:

SCAN:AMAP:SAP-R3-ON-SSH - SCAN: THC-AMAP SAP-R3 on SSH Scan

Severity: LOW

Description:

This signature detects the scanner tool AMAP, made by The Hacker's Choice (THC). Attackers can use THC-AMAP during their initial reconnaissance to determine services running on target hosts before launching other attacks.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, srx-18.2, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, isg-3.5.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • url: http://dir.filewatcher.com/d/OpenBSD/3.7/i386/amap-4.5.tgz.41188.html
  • url: http://www.juniper.net/security/auto/vulnerabilities/vuln2250.html

CHAT:AIM:FILE-SEND - AIM: Client File Send

Severity: INFO

Description:

This signature detects file transfers between AOL Instant Messenger (AIM) clients.

Supported On:

idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-18.2, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, srx-17.4, isg-3.5.141818, idp-5.0.110121210, isg-3.1.134269, vsrx-15.1, idp-4.1.110110609

References:

  • url: http://kingant.net/oscar/
  • url: http://en.wikipedia.org/wiki/OSCAR_protocol
  • url: http://www.aim.com/

HTTP:JENKINS-CVE-2018-1999001PB - HTTP: Jenkins CI Server getOrCreate Policy Bypass

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Jenkins CI Server. Successful exploitation causes Jenkins to revert to legacy defaults settings granting administrator access to anonymous users.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-1999001
  • url: https://jenkins.io/security/advisory/2018-07-18/#security-897

CHAT:AIM:FILE-GET - AIM: Client File Receive

Severity: INFO

Description:

This signature detects file transfers between AOL Instant Messenger (AIM) clients.

Supported On:

idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-18.2, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, srx-17.4, isg-3.5.141818, idp-5.0.110121210, idp-5.1.110170603, vsrx-15.1, idp-4.1.110110609

References:

  • url: http://en.wikipedia.org/wiki/OSCAR_protocol
  • url: http://www.kingant.net/oscar/
  • url: http://kingant.net/oscar/

HTTP:STC:VULN:OUTLOOK-XSRF - HTTP: Microsoft Outlook Web Access Cross Site Request Forgery

Severity: LOW

Description:

This signature detects Web pages containing dangerous cross site requests. A malicious Web site can exploit a known vulnerability in Microsoft Exchange Web application and gain control of the client mail application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

  • url: http://www.microsoft.com/exchange/default.mspx
  • bugtraq: 41843

Affected Products:

  • Microsoft outlook_web_access_for_exchange_server_2003
Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out