Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2016-9299 - Remote Code Execution via Unsafe Deserialization #10894

Open
1 task done
princechaddha opened this issue Oct 3, 2024 · 4 comments
Open
1 task done

CVE-2016-9299 - Remote Code Execution via Unsafe Deserialization #10894

princechaddha opened this issue Oct 3, 2024 · 4 comments
Assignees
@princechaddha
Labels
template-requests Request for new Nuclei templates to be created

Comments

@princechaddha
Copy link
Member

Is there an existing template for this?

  • I have searched the existing templates.

Template requests

Description:
The remoting module in Jenkins prior to version 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code by sending a crafted serialized Java object. This vulnerability triggers an LDAP query to a third-party server, enabling remote code execution.

Severity: Critical

POC:

References:

Shodan Query: http.favicon.hash:81586312

CPE:
cpe:2.3:a:jenkins:jenkins:::::lts:::*
cpe:2.3:a:jenkins:jenkins:::::-:::*
cpe:2.3:o:fedoraproject:fedora:25:::::::*

Anything else?

No response
@princechaddha princechaddha added the template-requests Request for new Nuclei templates to be created label Oct 3, 2024
@princechaddha
Copy link
Member Author

/bounty $200

@algora-pbc Algora PBC
Copy link

algora-pbc bot commented Oct 16, 2024
edited
Loading

💎 $200 bounty • ProjectDiscovery Bounty Available for CVE Template Contribution

Steps to Contribute:

  • Claim attempt: Comment /attempt #10894 on this issue to claim attempt.
  • Write the Template: Create a high-quality Nuclei template for the specified CVE, following our Contribution Guidelines and Acceptance Criteria.
  • Submit the Template: Open a pull request (PR) to projectdiscovery/nuclei-templates and include /claim #10894 in the PR body to claim the bounty.
  • Receive Payment: Upon successful merge of your PR, you will receive 100% of the bounty through Algora.io within 2-5 days. Ensure you are eligible for payouts.

Thank you for contributing to projectdiscovery/nuclei-templates and helping us democratize security!

Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data(-debug) along with the template to help the triage team with validation. Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. You can check the FAQ for the Nuclei Templates Community Rewards Program here.

Add a bountyShare on socials

@hnd3884
Copy link

hnd3884 commented Oct 23, 2024

@princechaddha !Hi, is it required for template that can exploit? or you can accept the template that check vulnerable version?

@princechaddha
Copy link
Member Author

@hnd3884, We only add templates with full POC in this repo. You can read more about the acceptance criteria here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@princechaddha princechaddha

Labels
template-requests Request for new Nuclei templates to be created
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@princechaddha @hnd3884