DB: Postgres Plus Advanced Server DBA Management Server Component Authentication Bypass
This signature detects attempts to exploit a known vulnerability against the DBA Management Server component of Postgres Plus Advanced Server. This issue occurs because the component fails to properly handle client authentication allowing access to the 'jmx-console' or web-console' directly. Attackers can exploit this vulnerability to execute arbitrary code within the context of the vulnerable server.
Extended Description
The DBA Management Server component of Postgres Plus Advanced Server is prone to an authentication-bypass vulnerability. Attackers can exploit this vulnerability to execute arbitrary code within the context of the vulnerable server. Postgres Plus Advanced Server 8.4 is vulnerable.
Affected Products
Enterprisedb postgres_plus_advanced_serve
Short Name
DB:POSTGRESQL:DBA-AUTH-BYPASS
Severity
Major
Recommended
False
Recommended Action
None
Category
DB
Keywords
Advanced Authentication Bypass CVE-2007-1036 CVE-2010-0738 Component DBA Management Plus Postgres Server bid:39710 bid:46662
Release Date
04/14/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3664
False Positive
Unknown
Vendors
Enterprisedb
CVSS Score
7.5
5.0