Moderately critical

McAfee Web Reporter Premium EJBInvokerServlet / JMXInvokerServlet Marshalled Object Arbitrary Code Execution Vulnerability

-

Release Date:  2013-10-07    Last Update:  2014-02-11    Views:  8,540

Secunia Advisory SA55112

Where:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Impact:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Solution Status:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Software:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

CVE Reference(s):

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Description


Andrea Micalizzi has discovered a vulnerability in McAfee Web Reporter Premium, which can be exploited by malicious people to compromise a vulnerable system


Log in with your Secunia community profile to view the full description of this Advisory. If you are an IT security professional, request a trial of the Secunia VIM.

If you are not a member of the Secunia community, you can sign up here for free.

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: McAfee Web Reporter Premium EJBInvokerServlet / JMXInvokerServlet Marshalled Object Arbitr

User Message
infoposter RE: McAfee Web Reporter Premium EJBInvokerServlet / JMXInvokerServlet Marshalled Object Arbitrary Code Execution Vulnerability
Member 16th Oct, 2013 16:45
Score: 0
Posts: 1
User Since: 16th Oct 2013
System Score: N/A
Location: US
Last edited on 16th Oct, 2013 16:55
The issue no longer exists in 5.2.1.01, which was release back in June of this year. Also, the title of the vulnerability is not accurate. This vulnerability does not affect JMXInvokerServlet in the version of the product that is listed. For this reason it seems this vulnerability may have been discovered with a canned scanning tool with the title of this post most likely copied from the result of the scanner. These two attack vectors are commonly grouped together by such tools.
Was this reply relevant?
+0
-0
E.Jeppesen RE: McAfee Web Reporter Premium EJBInvokerServlet / JMXInvokerServlet Marshalled Object Arbitrary Code Execution Vulnerability
Secunia Official 17th Oct, 2013 10:58
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
Thank you for your comment. I have made sure that our researchers are informed.

-

You must be logged in to post a comment.