SpringSource tc Server JMX Interface Authentication Security Bypass Vulnerability
BID:40205
Info
SpringSource tc Server JMX Interface Authentication Security Bypass Vulnerability
| Bugtraq ID: | 40205 |
| Class: | Unknown |
| CVE: |
CVE-2010-1454 |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 17 2010 12:00AM |
| Updated: | May 17 2010 12:00AM |
| Credit: | Erhan Baz at Yapi Kredi |
| Vulnerable: |
SpringSource tc Server 6.0.25 .A SpringSource tc Server 6.0.20 .C SpringSource tc Server 6.0.20 .B SpringSource tc Server 6.0.20 .A-SR1 SpringSource tc Server 6.0.20 .A SpringSource tc Server 6.0.19 .A |
| Not Vulnerable: |
SpringSource tc Server 6.0.25 .A-SR01 SpringSource tc Server 6.0.20 .D |
Discussion
SpringSource tc Server JMX Interface Authentication Security Bypass Vulnerability
SpringSource tc Server is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized access to the JMX interface, which may lead to further attacks.
Versions prior to SpringSource tc Server runtime 6.0.20.D and 6.0.25.A-SR01 are vulnerable.
SpringSource tc Server is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized access to the JMX interface, which may lead to further attacks.
Versions prior to SpringSource tc Server runtime 6.0.20.D and 6.0.25.A-SR01 are vulnerable.
Exploit / POC
SpringSource tc Server JMX Interface Authentication Security Bypass Vulnerability
An attacker can use readily available tools to exploit this issue.
An attacker can use readily available tools to exploit this issue.
Solution / Fix
SpringSource tc Server JMX Interface Authentication Security Bypass Vulnerability
Solution:
Updates are available. Please see the references for details.
Solution:
Updates are available. Please see the references for details.
References
SpringSource tc Server JMX Interface Authentication Security Bypass Vulnerability
References:
References:
- SpringSource Homepage (SpringSource)
- CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX inter (s2-security
) - CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX inter (SpringSource)