Zend Server contains a flaw related to the Java Bridge Component. The issue is triggered when a remote attacker sends specially crafted messages to the javamw.jar service on TCP port 10001. This may allow an attacker to execute arbitrary code.

Currently, there are no known workarounds or upgrades to correct this issue. However, Zend has released a patch to address this vulnerability.

• Exploit Database: 17078
• Secunia Advisory ID: 43867
• Bugtraq ID: 47060
• Metasploit ID: 71420
• Mail List Post: http://seclists.org/fulldisclosure/2011/Mar/334
• Vendor Specific News/Changelog Entry: http://static.zend.com/topics/ZS-510-JavaBridge-Hotfix-ReleaseNotes-20110324.txt
• Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/zend_server_java_bridge_rce
• Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-11-113/

• Luca Carettoni - Secure Network

NVD does not currently have a CVSSv2 score assigned.