Computer Associates Oneview Monitor 6.0 - 'doSave.jsp' Remote Code Execution Vulnerability

2010-08-12T00:00:00
ID EDB-ID:34440
Type exploitdb
Reporter Giorgio Fedon
Modified 2010-08-12T00:00:00

Description

Computer Associates Oneview Monitor 6.0 'doSave.jsp' Remote Code Execution Vulnerability. Webapps exploit for jsp platform

                                        
                                            source: http://www.securityfocus.com/bid/42413/info

Computer Associates Oneview Monitor is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to inject and execute arbitrary JSP code in the context of the affected webserver. 

The following example URI is available:

ttp://www.example.com/sitemindermonitor/doSave.jsp?file=../attacksample.jsp