OSVDB ID: 33346 Title: Avaya Multiple Products Apache Tomcat Port Weakness |
Info |
|
|
Dates |
||||
|
|
Description |
Apache Tomcat in Avaya S8300 Media Server, S8500 Media Server, S87XX-Series Media Server, and Avaya SIP Enablement Services (SES) contains a configuration weakness. The issue is due to port 8009, which is typically used to connect Apache web services to Apache Tomcat, being externally facing. Remote attackers may leverage this issue in conjunction with other vulnerabilities to perform other attacks on vulnerable systems. |
Classification |
Location:
Remote / Network Access
Attack Type: Misconfiguration Impact: Impact Unknown Exploit: Exploit Public OSVDB: Concern |
Solution |
Upgrade to the following versions of the affected products as they have been reported to fix this vulnerability: Avaya S8300 Media Server: Communication Manager version 3.1.3 or higher Avaya S8500 Media Server: Communication Manager version 3.1.3 or higher Avaya S87XX-Series Media Server: Communication Manager version 3.1.3 or higher Avaya SIP Enablement Services (SES): update not available The vendor recommends that following actions be taken for products where an update is not available: For all system products with port 8009 open to external interfaces it is recommended that local and network access to the server be restricted. This restriction should be enforced through the use of physical security, firewalls, ACLs, VPNs, and other generally-accepted networking practices until such time as an update becomes available and can be installed. |
Products |
|
References |
|
Credit |
Unknown or Incomplete |