Et rule 2033600 - Magic-SigExplorer

""ET EXPLOIT Jenkins Plugin Script RCE Exploit Attempt (CVE-2019-1003001)""

SID: 2033600

Revision: 1

Class Type: attempted-admin

Metadata: attack_target Server, created_at 2021_07_28, cve CVE_2019_1003001, deployment Perimeter, deployment Internal, signature_severity Major, tag Exploit, updated_at 2021_07_28, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application

Reference:

cve
2019-1003001

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: [$HOME_NET,$HTTP_SERVERS]

Destination Port: any

Flow: established,to_server

Contents:

Value: "CpsFlowDefinition"
Value: "checkScriptCompile"
Value: "GrabResolver"
Value: "GrabConfig"
Value: "Grab("

Within:

PCRE:

Special Options:

nocase
http_uri
nocase
http_uri
nocase
http_uri
nocase
http_uri
nocase
http_uri

source