
Test ID: 1.3.6.1.4.1.25623.1.0.807001
Category: Web application abuses
Title: Jenkins Multiple Vulnerabilities (Nov 2015) - Windows
Summary: This host is installed with Jenkins and is prone to multiple vulnerabilities.
Description: Summary:
This host is installed with Jenkins and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- An error in 'Fingerprints' pages.

- The usage of publicly accessible salt to generate CSRF protection tokens.

- The XML external entity (XXE) vulnerability in the create-job CLI command.

- An improper verification of the shared secret used in JNLP slave
connections.

- An error in sidepanel widgets in the CLI command overview and help
pages.

- A directory traversal vulnerability when requesting jnlpJars.

- An improper restriction on access to API tokens.

- The cross-site scripting vulnerability in the slave overview page.

- The unsafe deserialization in Jenkins remoting.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to obtain sensitive information, bypass the protection mechanism,
gain elevated privileges, bypass intended access restrictions and execute
arbitrary code.

Affected Software/OS:
All Jenkins main line releases up to and including 1.637,
all Jenkins LTS releases up to and including 1.625.1.

Solution:
Jenkins main line users should update to 1.638,
Jenkins LTS users should update to 1.625.2.

CVSS Score:
7.6

CVSS Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C

Cross-references: BugTraq ID: 77572
BugTraq ID: 77570
BugTraq ID: 77574
BugTraq ID: 77636
BugTraq ID: 77619
Common Vulnerability Exposure (CVE) ID: CVE-2015-5317
RedHat Security Advisories: RHSA-2016:0070
https://access.redhat.com/errata/RHSA-2016:0070
RedHat Security Advisories: RHSA-2016:0489
http://rhn.redhat.com/errata/RHSA-2016-0489.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-5318
Common Vulnerability Exposure (CVE) ID: CVE-2015-5319
Common Vulnerability Exposure (CVE) ID: CVE-2015-5320
Common Vulnerability Exposure (CVE) ID: CVE-2015-5321
Common Vulnerability Exposure (CVE) ID: CVE-2015-5322
Common Vulnerability Exposure (CVE) ID: CVE-2015-5323
Common Vulnerability Exposure (CVE) ID: CVE-2015-5324
Common Vulnerability Exposure (CVE) ID: CVE-2015-5325
Common Vulnerability Exposure (CVE) ID: CVE-2015-5326
Common Vulnerability Exposure (CVE) ID: CVE-2015-8103
http://www.securityfocus.com/bid/77636
https://www.exploit-db.com/exploits/38983/
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#jenkins
http://packetstormsecurity.com/files/134805/Jenkins-CLI-RMI-Java-Deserialization.html
http://www.openwall.com/lists/oss-security/2015/11/09/5
http://www.openwall.com/lists/oss-security/2015/11/18/11
http://www.openwall.com/lists/oss-security/2015/11/18/13
http://www.openwall.com/lists/oss-security/2015/11/18/2
Common Vulnerability Exposure (CVE) ID: CVE-2015-7536
Common Vulnerability Exposure (CVE) ID: CVE-2015-7537
Common Vulnerability Exposure (CVE) ID: CVE-2015-7538
Common Vulnerability Exposure (CVE) ID: CVE-2015-7539
Copyright: Copyright (C) 2015 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.