Signature Detail

APP: VMware vCenter Server JMX Remote Code Execution

This signature detects attempts to exploit a known vulnerability against VMware vCenter Server. The vulnerability is due to a lack of enforced authentication in the default configuration (in wrapper.conf). A successful attack can lead to arbitrary code execution.

References

• CVE: CVE-2015-2342
• URL: http://www.vmware.com/security/advisories/VMSA-2015-0007.html
• URL: http://www.zerodayinitiative.com/advisories/ZDI-15-455