17 matches found
Jenkins CLI - HTTP Java Deserialization
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. id: CVE-2016-9299 info: name: Jenkins CLI - HTTP Java Deserialization author:...
SUSE CVE-2016-9299
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...
Mageia: Security Advisory (MGASA-2016-0406)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2016-9299
creationtimestamp | type | source
---|---|---
2018-05-17 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/44642
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/jenkinsldapdeserialize.rb
2022-05-12 22:17:01+00:00|...
Fedora Update for jenkins-remoting FEDORA-2016-93679a91df
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 24 : jenkins / jenkins-remoting (2016-93679a91df)
Security fix for CVE-2016-9299 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...
Jenkins-LDAP (CVE-2016-9299) deserialization vulnerability analysis-vulnerability warning-the black bar safety net
Source: gone with the wind's Blog. Author: iswin. I was also following this vulnerability when the official announcement was released last November; at the time, while looking at deserialization related to the class com.sun.jndi.ldap.LdapAttribute, I was aware of this class inside the...
Jenkins 'Java Deserialization' Remote Code Execution Vulnerability - Windows
Jenkins is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins";...
Jenkins 'Java Deserialization' Remote Code Execution Vulnerability - Linux
Jenkins is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins";...
CVE-2016-9299
Jenkins remoting module vulnerability (CVE-2016-9299): exposed in Jenkins before 2.32 and LTS before 2.19.3, allows remote code execution via a crafted serialized Java object that triggers an LDAP query to a third‑party server. This is a deserialization flaw in the remoting component that can be ...
Fedora Update for jenkins-remoting FEDORA-2016-368780879d
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 25 : jenkins / jenkins-remoting (2016-368780879d)
Security fix for CVE-2016-9299 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...
MGASA-2016-0406 Updated jenkins-remoting packages fix security vulnerability
An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassing existing protection...
Updated jenkins-remoting packages fix security vulnerability
An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassing existing protection...
Jenkins remoting module remote command execution vulnerability (CVE-2016-9299)
No description provided by source...
VulnCheck KEV: CVE-2016-9299
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...
CVE-2016-9299
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. Mitigation...