PT-2010-3133 · Vmware · Vmware Springsource Tc Server Runtime

Publicado

2010-05-19

Atualizado

2018-10-10

CVE-2010-1454

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions VMware SpringSource tc Server Runtime versions 6.0.19 through 6.0.20 before 6.0.20.D VMware SpringSource tc Server Runtime version 6.0.25.A before 6.0.25.A-SR01

Description The issue is related to the com.springsource.tcserver.serviceability.rmi.JmxSocketListener component, which does not properly enforce the requirement for an encrypted password. This allows remote attackers to obtain JMX interface access via a blank password.

Recommendations For versions 6.0.19 through 6.0.20 before 6.0.20.D, update to version 6.0.20.D or later. For version 6.0.25.A before 6.0.25.A-SR01, update to version 6.0.25.A-SR01 or later.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2010-1454

Produtos afetados

Vmware Springsource Tc Server Runtime

PT-2010-3133 · Vmware · Vmware Springsource Tc Server Runtime

CVE-2010-1454

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6