Info

Disclosure

Jul 19, 2006

Discovery

Unknown

Dates

Exploit

Jul 19, 2006

Solution

Unknown

Description

By default, CS-MARS installs jboss without password. The jmx-console is accessible via ports 80 and 443 without authentication, which could allow an attacker to execute arbitrary code on the system.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified
OSVDB: Web Related, Security Software

Solution

Upgrade to version 4.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Cisco Systems, Inc.

CS-MARS

4.1.x

References

Security Tracker: 1016537
Bugtraq ID: 19071 19075
CVE ID: 2006-3733 (see also: NVD)
Secunia Advisory ID: 21118
ISS X-Force ID: 27811
VUPEN Advisory: ADV-2006-2887
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0423.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html
News Article: http://news.zdnet.com/2100-1009_22-6096496.html
Vendor Specific Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml
Generic Exploit URL: http://www.saintcorporation.com
http://www.saintcorporation.com/cgi-bin/exploit_info/cs_mars_jboss_jmx_console

Credit

Jon Hart - warchildspoofed.org -

Direct URL: http://osvdb.org/27419