SolarWinds Storage Manager 'AuthenticationFilter' Class Remote Code Execution Vulnerability

Bugtraq ID:	69438
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Aug 27 2014 12:00AM
Updated:	Sep 16 2014 12:04AM
Credit:	Andrea Micalizzi
Vulnerable:
Not Vulnerable:

SolarWinds Storage Manager 'AuthenticationFilter' Class Remote Code Execution Vulnerability

SolarWinds Storage Manager is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

SolarWinds Storage Manager 'AuthenticationFilter' Class Remote Code Execution Vulnerability

The following exploit is available:

• /data/vulnerabilities/exploits/69438.rb

SolarWinds Storage Manager 'AuthenticationFilter' Class Remote Code Execution Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

SolarWinds Storage Manager 'AuthenticationFilter' Class Remote Code Execution Vulnerability

References: