Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Moderately critical

McAfee Web Reporter Premium EJBInvokerServlet / JMXInvokerServlet Marshalled Object Arbitrary Code Execution Vulnerability

-

Release Date:  2013-10-07    Last Update:  2014-02-11    Views:  5,034

Secunia Advisory SA55112

Where:

You need to log in to view this

Impact:

You need to log in to view this

Solution Status:

You need to log in to view this

Software:

You need to log in to view this

CVE Reference(s):

You need to log in to view this

Description


Andrea Micalizzi has discovered a vulnerability in McAfee Web Reporter Premium, which can be exploited by malicious people to compromise a vulnerable system


You need to log in to the Secunia Community to view the full description of this advisory

If you are not a member of the Secunia community, you can sign up here for free.

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: McAfee Web Reporter Premium EJBInvokerServlet / JMXInvokerServlet Marshalled Object Arbitr

User Message
infoposter RE: McAfee Web Reporter Premium EJBInvokerServlet / JMXInvokerServlet Marshalled Object Arbitrary Code Execution Vulnerability
Member 16th Oct, 2013 16:45
Score: 0
Posts: 1
User Since: 16th Oct 2013
System Score: N/A
Location: US
Last edited on 16th Oct, 2013 16:55
The issue no longer exists in 5.2.1.01, which was release back in June of this year. Also, the title of the vulnerability is not accurate. This vulnerability does not affect JMXInvokerServlet in the version of the product that is listed. For this reason it seems this vulnerability may have been discovered with a canned scanning tool with the title of this post most likely copied from the result of the scanner. These two attack vectors are commonly grouped together by such tools.
Was this reply relevant?
+0
-0
E.Jeppesen RE: McAfee Web Reporter Premium EJBInvokerServlet / JMXInvokerServlet Marshalled Object Arbitrary Code Execution Vulnerability
Secunia Official 17th Oct, 2013 10:58
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
Thank you for your comment. I have made sure that our researchers are informed.

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability