APP: Rocket Servergraph Admin Center userRequest and tsmRequest Command Execution
This signature detects attempts to exploit a known vulnerability against Rocket Servergraph, an interface for monitoring backup solutions such as IBM Tivoli Storage Manager, Symantec NetBackup etc. These vulnerabilities are due to input validation errors when handling requests to the URIs userRequest and tsmRequest. A remote unauthenticated attacker can exploit these vulnerabilities to achieve arbitrary command execution under the context of the SYSTEM user.
Extended Description
The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command.
Affected Products
Rocketsoftware rocket_servergraph
Short Name
APP:ROCKET-SERVERGRAPH-CE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Admin CVE-2014-3915 Center Command Execution Rocket Servergraph and tsmRequest userRequest
Release Date
07/07/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3659
False Positive
Unknown
Vendors
Rocketsoftware
CVSS Score
10.0