APP: Solarwinds Virtualization Manager Apache Commons Collections Insecure Deserialization
This signature detects attempts to exploit a known vulnerability against Solarwinds Virtualization Manager. Successful exploitation can result in arbitrary code execution in the security context of the RMI service.
Extended Description
The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Affected Products
Solarwinds virtualization_manager
References
CVE: CVE-2016-3642
Short Name
APP:SOLARWINDS-VMACC-CE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
Apache CVE-2016-3642 Collections Commons Deserialization Insecure Manager Solarwinds Virtualization
Release Date
06/28/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3377
Port
TCP/1099
False Positive
Unknown
Vendors
Solarwinds
CVSS Score
10.0