Zend Server is an enterprise web application server for hosting PHP applications.
The Zend Server Java Bridge allows PHP applications to execute methods in Java classes. The Java Bridge does not validate that requests to execute Java code have originated from the Zend Server. An attacker can exploit this weakness to execute malicious Java code on the server.
Upgrade Zend Server 5.1.0 by applying the Java Bridge hotfix dated March 24, 2011 or updating to a later version.
This exploit has been tested against Zend Technologies Zend Server 5.1.0 running on Microsoft Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP1 English (DEP OptOut).
smbclient must be available on the exploit server, and a valid SMB user with permission to write to the SMB share is required. The SMB password must not contain single quotes (').