CVE-2012-2561

Sažetak

HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.

Reference

http://marc.info/?l=bugtraq&m=134013352316810&w=2
http://osvdb.org/81981
http://secunia.com/advisories/49218
http://www.kb.cert.org/vuls/id/859230
http://www.securityfocus.com/bid/53556
http://www.securitytracker.com/id?1027075

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

25-05-2013 - 03:11

Objavljeno

21-05-2012 - 20:55