Computer Associates Oneview Monitor 6.0 - doSave.jsp Remote Code Execution

2010-08-12T00:00:00
ID EXPLOITPACK:5F12C318E192F259E889253511468FFB
Type exploitpack
Reporter Giorgio Fedon
Modified 2010-08-12T00:00:00

Description

Computer Associates Oneview Monitor 6.0 - doSave.jsp Remote Code Execution

                                        
                                            source: https://www.securityfocus.com/bid/42413/info

Computer Associates Oneview Monitor is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to inject and execute arbitrary JSP code in the context of the affected webserver. 

The following example URI is available:

ttp://www.example.com/sitemindermonitor/doSave.jsp?file=../attacksample.jsp