| Field | Value |
|---|---|
| Short Name | HTTP:EMC-DPA-EJBSERVLET-RCE |
| Severity | Critical |
| Recommended | Yes |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | EMC Data Protection Advisor Illuminator EJBInvokerServlet Remote Code Execution |
| Release Date | 2014/01/08 |
| Update Number | 2332 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
This signature detects attempts to exploit a known vulnerability in EMC Data Protection Advisor through the EJBInvokerServlet of its bundled JBoss application server. A successful attack can lead to arbitrary code execution with SYSTEM privileges. Because the signature matches the request on the wire rather than the server's configuration, a hit shows that an invocation was attempted, not that the target was exploitable; confirm whether the invoker servlets are reachable without authentication before treating it as a compromise.

The underlying JBoss issue is described as follows: the (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.
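The following is an added example of the kind of request-level check such a signature performs; it is written for this page and is not Juniper's signature logic, which is not published here. It assumes the four JBoss invoker servlet paths under `/invoker/` and uses the Java object-serialization stream header (`AC ED 00 05`) to distinguish a real invocation from a bare probe of the servlet path. The sample HTTP requests are constructed for the example, and the path normalisation (percent-decoding plus dot-segment collapsing) shows why a signature has to inspect the normalised path rather than the raw request target.

```python
import posixpath
from typing import Dict, Optional, Tuple
from urllib.parse import unquote, urlsplit

# Servlet paths exposed by the JBoss "invoker" web application. This list is an
# assumption for the example; the page does not publish the signature's own
# match criteria.
INVOKER_PATHS = (
    "/invoker/EJBInvokerServlet",
    "/invoker/EJBInvokerHAServlet",
    "/invoker/JMXInvokerServlet",
    "/invoker/JMXInvokerHAServlet",
)

# Java object-serialization stream header: STREAM_MAGIC (0xACED) followed by
# STREAM_VERSION (5). Invoker servlets consume serialized invocation objects.
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str], bytes]:
    """Split a raw HTTP/1.x request into (method, target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, *header_lines = head.split(b"\r\n")
    method, target, _version = request_line.split(b" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("ascii", "replace")] = (
            value.strip().decode("ascii", "replace")
        )
    return (
        method.decode("ascii", "replace"),
        target.decode("ascii", "replace"),
        headers,
        body,
    )


def normalize_path(target: str) -> str:
    """Percent-decode and collapse dot segments so that evasions such as
    /invoker/%45JBInvokerServlet or /x/../invoker/EJBInvokerServlet are
    compared in the same form the servlet container will resolve."""
    path = urlsplit(target).path
    return posixpath.normpath(unquote(path))


def classify(raw: bytes) -> Optional[str]:
    """Return a verdict label for a raw request, or None if it is unrelated."""
    method, target, _headers, body = parse_request(raw)
    path = normalize_path(target)
    if not any(path == p or path.startswith(p + "/") for p in INVOKER_PATHS):
        return None
    if method != "POST":
        # Reaching the servlet path without a POST body is reconnaissance.
        return "invoker-servlet-probe"
    if body.startswith(JAVA_SERIAL_MAGIC):
        # A serialized Java object is being handed to the invoker servlet.
        return "invoker-servlet-serialized-invocation"
    return "invoker-servlet-post"


# Constructed sample traffic (not captured from a real system).
SAMPLE_REQUESTS = {
    "probe": b"GET /invoker/EJBInvokerServlet HTTP/1.1\r\nHost: dpa.example\r\n\r\n",
    "serialized": (
        b"POST /invoker/EJBInvokerServlet HTTP/1.1\r\nHost: dpa.example\r\n"
        b"Content-Type: application/octet-stream\r\nContent-Length: 8\r\n\r\n"
        + JAVA_SERIAL_MAGIC + b"\x73\x72\x00\x10"
    ),
    "evasion": (
        b"POST /x/../invoker/%45JBInvokerServlet HTTP/1.1\r\nHost: dpa.example\r\n\r\n"
        + JAVA_SERIAL_MAGIC
    ),
    "benign": b"GET /index.html HTTP/1.1\r\nHost: dpa.example\r\n\r\n",
}


if __name__ == "__main__":
    for name, raw in SAMPLE_REQUESTS.items():
        print(f"{name:>10}: {classify(raw)}")
```

The three-way verdict mirrors how an analyst would triage hits: a GET on the servlet path is usually a scanner, a POST carrying a serialization header is the actual invocation the signature's "Drop" action is meant to stop, and anything else on that path is worth a look but is not on its own evidence of exploitation.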