CVE-2015-8103
CVE-2015-8103
Vexday Risk Score
60Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS —EPSS 86.8%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado
Ciclo de vida
06 nov 2015Exploit Metasploit disponible
25 nov 2015Publicada en NVD
15 dic 2015PoC pública
Velocidad de armamento
19 díashasta el primer PoC
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
Productos afectados
n/a · n/aPoCs públicas encontradas — 5
githubgithub.com/cved-sources/cve-2015-8103★ 0githubgithub.com/r00t4dm/Jenkins-CVE-2015-8103★ 0cve_referencepacketstormsecurity.com/files/134805/Jenkins-CLI-RMI-Java-Deserialization.htmlno verificadocve_referencewww.exploit-db.com/exploits/38983/no verificadoexploitdbwww.exploit-db.com/exploits/38983no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
Referencias
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#jenkinshttp://packetstormsecurity.com/files/134805/Jenkins-CLI-RMI-Java-Deserialization.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0489.htmlhttps://access.redhat.com/errata/RHSA-2016:0070https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-clihttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11https://www.exploit-db.com/exploits/38983/http://www.openwall.com/lists/oss-security/2015/11/09/5http://www.openwall.com/lists/oss-security/2015/11/18/11http://www.openwall.com/lists/oss-security/2015/11/18/13http://www.openwall.com/lists/oss-security/2015/11/18/2http://www.securityfocus.com/bid/77636