The HP Business Service Management (HPBSM) application contains a remote code execution vulnerability. Version 9.12 has been reported to be affected but other versions may also be affected.
HPBSM uses the JBOSS application server. In the default configuration, HPBSM contains open ports that may be accessed by an unauthenticated attacker. The attacker can upload a jsp-shell as a .war file and have the JBOSS application server deploy it as a service. In the default configuration, this attacker shell will run with SYSTEM privileges.
An unauthenticated attacker may be able to deploy a backdoor shell with SYSTEM privileges.
We are currently unaware of a practical solution to this problem. Please consider the following workarounds.
Restrict Access
Implement appropriate firewall rules to block traffic from untrusted sources to TCP ports 4444, 1098, and 1099.
859230
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: April 02, 2012 Updated: May 14, 2012
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Temporal | 9.0 | E:H/RL:U/RC:UC |
Environmental | 9 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
<http://www8.hp.com/us/en/software/software-solution.html?compURI=tcm:245-937035>
Thanks to David Elze of Daimler TSS for reporting this vulnerability.
This document was written by Jared Allar.
CVE IDs: | CVE-2012-2561 |
---|---|
Date Public: | 2012-05-16 Date First Published: |