CVE-2019-1003001 — Vulnetix

CVE-2019-1003001 PUBLISHED

## Snort IDS/IPS Mitigation Rule **Emerging Threats Rule SID 2033600 (rev 1)** ```snort alert tcp any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Jenkins Plugin Script RCE Exploit Attempt (CVE-2019-1003001)"; flow:established,to_server; content:"CpsFlowDefinition"; nocase; http_uri; content:"checkScriptCompile"; nocase; http_uri; content:"GrabResolver"; nocase; http_uri; content:"GrabConfig"; nocase; http_uri; content:"Grab("; nocase; http_uri; reference:url,0xdf.gitlab.io/2019/02/27/playing-with-jenkins-rce-vulnerability.html; reference:url,www.exploit-db.com/exploits/46427; reference:cve,2019-1003001; classtype:attempted-admin; sid:2033600; rev:1; metadata:attack_target Server, created_at 2021_07_28, cve CVE_2019_1003001, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, updated_at 2021_07_28, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;) ``` ### Implementation Steps 1. Deploy this rule to your Snort/Suricata IDS/IPS sensors 2. Ensure the rule is enabled in your sensor configuration 3. Monitor for alerts matching SID 2033600 4. For IPS mode, consider changing action from `alert` to `drop` **Classification:** attempted-admin **Confidence:** High **Severity:** Major

EPSS 93.94% · 99.9th percentile

Risk Scores

EPSS Score

93.94%

99.9th percentile

Timeline

Jan 22, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jul 28, 2021 PoC Published
Aug 24, 2021 EPSS Score
Sep 16, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 27, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 1, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Dec 31, 2022 EPSS Score
Jan 2, 2023 EPSS Score

References

Emerging Threats Snort Rule SID 2033600 mitigation
https://0xdf.gitlab.io/2019/02/27/playing-with-jenkins-rce-vulnerability.html advisory
https://www.exploit-db.com/exploits/46427 advisory

Open in Interactive Console →