KLA10705
Code execution vulnerabilities in Tibbo AggreGate.
Обновлено: 17/06/2019
Дата обнаружения
19/11/2015
Уровень угрозы
Critical
Описание

Successful exploitation of the identified vulnerabilities may allow an attacker to execute arbitrary code and commands.

  1. Unknown vulnerability at Ice Faces servlet allows remote attackers to upload and execute arbitrary Java code via a specially designed XML document;
  2. Unknown vulnerability allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class.
Пораженные продукты

Tibbo AggreGate Platform Version 5.21.02 and prior versions.

Решение

Update to the latest version
Download new version.

Оказываемое влияние
?
ACE 
[?]
CVE-IDS
CVE-2015-791210.0Critical
CVE-2015-79137.2High