HTTP: EMC Data Protection Advisor Illuminator EJBInvokerServlet Remote Code Execution
This signature detects attempts to exploit a known vulnerability against EMC Data Protection Advisor. A successful attack can lead to arbitrary code execution with SYSTEM privileges.
Extended Description
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.
Affected Products
Redhat jboss_enterprise_application_platform
Short Name
HTTP:EMC-DPA-EJBSERVLET-RCE
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Advisor CVE-2012-0874 Code Data EJBInvokerServlet EMC Execution Illuminator Protection Remote bid:57552
Release Date
01/08/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3650
False Positive
Unknown
Vendors
Redhat
CVSS Score
6.8