
McAfee Web Reporter JBoss EJBInvokerServlet Marshalled Object Code Execution

Description

Added: 10/23/2013 CVE: [CVE-2013-4810](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4810>) BID: [62854](<http://www.securityfocus.com/bid/62854>) OSVDB: [97153](<http://www.osvdb.org/97153>)

### Background

McAfee Web Reporter analyzes logs from a variety of proxy sources to provide real-time views into web traffic, including extensive drill-down capabilities and powerful off-line processing.

### Problem

McAfee Web Reporter is vulnerable to remote code execution because it embeds a vulnerable version of JBoss. The application does not properly restrict access to invoker/EJBInvokerServlet, which can be exploited to deploy and execute arbitrary Java code by sending a specially crafted marshalled object to TCP port 9111.

### Resolution

Contact the vendor for a solution.

### References

<http://secunia.com/advisories/55112/>

<http://retrogod.altervista.org/9sg_ejb.html>

### Limitations

This exploit was tested against McAfee Web Reporter 5.2.1 on Windows Server 2008 R2 SP1 (DEP OptOut).

### Platforms

Windows
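A detection sketch for the exposure described under Problem, added here as an example and not taken from the advisory or the vendor: it scans HTTP access-log lines for requests whose path resolves to invoker/EJBInvokerServlet after decoding and normalisation. It assumes a common-log-format access log is available for the listener on TCP port 9111; the function names and the sample lines are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import unquote

INVOKER_PATH = "/invoker/ejbinvokerservlet"  # servlet path named in the advisory
LINE_RE = re.compile(  # common log format: host ident user [time] "request" status bytes
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+')

def normalise(target):
    """Canonical lower-case path: no query, decoded, no path params, no dot segments."""
    path = target.split("?", 1)[0]
    for _ in range(2):  # second pass catches double-encoded bytes such as %2545
        path = unquote(path)
    segments = []
    for seg in path.split("/"):
        seg = seg.split(";", 1)[0]  # drop ;jsessionid-style path parameters
        if seg == "..":
            if segments:
                segments.pop()
        elif seg not in ("", "."):
            segments.append(seg)
    return "/" + "/".join(segments).lower()

def find_invoker_requests(lines):
    """Return one record per log line whose path resolves to the invoker servlet."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skipped here, worth counting in production
        path = normalise(m["target"])
        if path == INVOKER_PATH or path.startswith(INVOKER_PATH + "/"):
            hits.append({"src": m["src"], "time": m["ts"], "method": m["method"],
                         "status": int(m["status"]), "served": int(m["status"]) < 400})
    return hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Oct/2013:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [23/Oct/2013:10:00:05 +0000] "POST /invoker/EJBInvokerServlet HTTP/1.1" 200 1043',
    '198.51.100.7 - - [23/Oct/2013:10:00:09 +0000] "POST /invoker//ejbinvokerservlet/ HTTP/1.1" 200 980',
    '203.0.113.4 - - [23/Oct/2013:10:01:00 +0000] "HEAD /%69nvoker/EJBInvokerServlet;x=1 HTTP/1.0" 401 -',
    '192.0.2.10 - - [23/Oct/2013:10:02:00 +0000] "GET /docs/invoker/EJBInvokerServlet.txt HTTP/1.1" 404 0',
    'not an access log line',
]

if __name__ == "__main__":
    found = find_invoker_requests(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print(Counter(hit["src"] for hit in found))
```

The `served` flag marks requests answered with a status below 400, which are the ones to triage first.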

