PT-2015-5622 · Red Hat+1 · JBoss+2
Published: 2015-04-22 · Updated: 2016-12-03
CVE-2015-2117
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) versions prior to 4.1 patch 3
HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) versions 4.2 before patch 1
Description
The affected products do not require authentication for JBoss RMI requests, which allows remote attackers to execute arbitrary code. This can be achieved either by uploading the code within an archive or by instantiating a class.
Recommendations
For HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) versions prior to 4.1 patch 3, apply patch 3 to resolve the issue.
For HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) versions 4.2 before patch 1, apply patch 1 to resolve the issue.
Fix
Weakness Enumeration
Improper Authentication
Related Identifiers
Affected Products
HP TippingPoint Security Management System
JBoss
TippingPoint Virtual Security Management System