Test ID: 1.3.6.1.4.1.25623.1.0.103811
Category: Web application abuses
Title: Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution - Active Check
Summary: Apache Tomcat/JBoss Application Server is prone to multiple remote code execution (RCE) vulnerabilities.
Description:
Summary:
Apache Tomcat/JBoss Application Server is prone to multiple remote code execution (RCE) vulnerabilities.

Vulnerability Insight:
The specific flaw exists within the exposed EJBInvokerServlet and JMXInvokerServlet. An unauthenticated attacker can post a marshalled object allowing them to install an arbitrary application on the target server.

Vulnerability Impact:
Successfully exploiting these issues may allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial of service condition.

Affected Software/OS:
Apache Tomcat/JBoss Application Server providing access to the EJBInvokerServlet and/or JMXInvokerServlet without prior authentication.

Solution:
Ask the vendor for an update and enable authentication for the mentioned servlets.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross References:
Common Vulnerability Exposure (CVE) ID: CVE-2012-0874
  SecurityTracker 1028042: http://securitytracker.com/id?1028042
  Bugtraq 20131219 ESA-2013-094 (EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability): http://archives.neohapsis.com/archives/bugtraq/2013-12/0134.html
  Exploit-DB 30211: http://www.exploit-db.com/exploits/30211
  Secunia 51984: http://secunia.com/advisories/51984
  Secunia 52054: http://secunia.com/advisories/52054
  SecurityFocus BID 57552: http://www.securityfocus.com/bid/57552
  RHSA-2013:0191: http://rhn.redhat.com/errata/RHSA-2013-0191.html
  RHSA-2013:0192: http://rhn.redhat.com/errata/RHSA-2013-0192.html
  RHSA-2013:0193: http://rhn.redhat.com/errata/RHSA-2013-0193.html
  RHSA-2013:0194: http://rhn.redhat.com/errata/RHSA-2013-0194.html
  RHSA-2013:0195: http://rhn.redhat.com/errata/RHSA-2013-0195.html
  RHSA-2013:0196: http://rhn.redhat.com/errata/RHSA-2013-0196.html
  RHSA-2013:0197: http://rhn.redhat.com/errata/RHSA-2013-0197.html
  RHSA-2013:0198: http://rhn.redhat.com/errata/RHSA-2013-0198.html
  RHSA-2013:0221: http://rhn.redhat.com/errata/RHSA-2013-0221.html
  RHSA-2013:0533: http://rhn.redhat.com/errata/RHSA-2013-0533.html
  Red Hat Bugzilla 795645: https://bugzilla.redhat.com/show_bug.cgi?id=795645
  IBM X-Force jboss-eap-jmxinvokerhaservlet-code-exec (81511): https://exchange.xforce.ibmcloud.com/vulnerabilities/81511
Common Vulnerability Exposure (CVE) ID: CVE-2013-4810
  Exploit-DB 28713: https://www.exploit-db.com/exploits/28713/
  HPdes Security Advisory HPSBGN02952: http://marc.info/?l=bugtraq&m=138696448823753&w=2
  HPdes Security Advisory HPSBGN03323: http://marc.info/?l=bugtraq&m=143039425503668&w=2
  HPdes Security Advisory HPSBPV02918: http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409
  HPdes Security Advisory SSRT101127
  HPdes Security Advisory SSRT102036
  ZDI-13-229: http://zerodayinitiative.com/advisories/ZDI-13-229/
  SecurityTracker 1029010: http://www.securitytracker.com/id/1029010
  Secunia 54788: http://secunia.com/advisories/54788
Copyright: Copyright (C) 2013 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about how to run a complete security audit.

To run a free test of this vulnerability against your system, register now.

© 1998-2025 E-Soft Inc. All rights reserved.