This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote web server is affected by a remote code execution
The remote web server hosts a version of Jenkins or Jenkins Enterprise
that is prior to 1.642.2 or 1.650. It is, therefore, affected by a
Java deserialization vulnerability. An unauthenticated, remote
attacker can exploit this, by deserializing specific java.rmi and
sun.rmi objects, to start a JRMP listener on the server. The JRMP
listener can then be exploited over RMI using objects in the Groovy or
Apache Commons Collections libraries, resulting in the execution of
Note that the server is reportedly affected by a number of other
vulnerabilities per the Jenkins Security advisory; however, Nessus has
not tested for these.
See also :
Upgrade to Jenkins version 1.642.2 / 1.650 or later. Alternatively,
disable the CLI port per the vendor advisory.
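The kind of version-and-mitigation check this plugin performs, written out here as an added example (not Tenable's plugin code): it parses the X-Jenkins version header against the fixed releases named above (LTS 1.642.2, weekly 1.650) and treats the X-Jenkins-CLI-Port header, which Jenkins sends while its CLI/TCP listener is enabled, as the sign that the advisory's "disable the CLI port" mitigation has not been applied. The header blocks at the bottom are constructed samples, not captured traffic.

```python
import re

# Fixed releases named in the advisory: LTS 1.642.2 and weekly 1.650.
FIXED_LTS = (1, 642, 2)
FIXED_WEEKLY = (1, 650)

def parse_version(text):
    """Parse a Jenkins version string into a tuple of ints.

    Weekly releases use two components (1.650); LTS releases use three
    (1.642.2). Anything else is rejected rather than guessed at.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError("unrecognised Jenkins version: %r" % text)
    return tuple(int(p) for p in m.groups() if p is not None)

def is_vulnerable_version(version):
    """True if the version predates the fix on its own release line."""
    parts = parse_version(version)
    if len(parts) == 3:          # LTS line: fixed from 1.642.2
        return parts < FIXED_LTS
    return parts < FIXED_WEEKLY  # weekly line: fixed from 1.650

def parse_headers(raw):
    """Turn a raw HTTP header block into a dict keyed by lower-cased name."""
    headers = {}
    for line in raw.splitlines():
        if ":" in line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw_headers):
    """Classify a response as 'not-jenkins', 'fixed',
    'vulnerable-cli-disabled' or 'vulnerable-cli-exposed'.

    Assumption: only the enabled CLI/TCP listener sets X-Jenkins-CLI-Port.
    """
    h = parse_headers(raw_headers)
    if "x-jenkins" not in h:
        return "not-jenkins"
    if not is_vulnerable_version(h["x-jenkins"]):
        return "fixed"
    if "x-jenkins-cli-port" in h:
        return "vulnerable-cli-exposed"
    return "vulnerable-cli-disabled"

# Constructed sample header blocks (not captured from a real server).
SAMPLE_OLD_WITH_CLI = "HTTP/1.1 200 OK\r\nX-Jenkins: 1.642.1\r\nX-Jenkins-CLI-Port: 50000\r\n"
SAMPLE_OLD_NO_CLI = "HTTP/1.1 200 OK\r\nX-Jenkins: 1.645\r\n"
SAMPLE_FIXED = "HTTP/1.1 200 OK\r\nX-Jenkins: 1.651.1\r\nX-Jenkins-CLI-Port: 50000\r\n"
```

A version match is a hint, not proof of exploitability, and a build with a version string outside the two-part weekly or three-part LTS pattern makes parse_version raise rather than guess.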
Risk factor :
Critical
CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true