Article

Are EXOS and EOS products vulnerable to CVE-2012-0874?


Information

 
Question

Are EXOS and EOS products vulnerable to CVE-2012-0874?

Environment
  • ExtremeXOS (all products)
  • D2, SSA and C5 series


Answer
EXOS and EOS products are not vulnerable to CVE-2012-0874.

Additional notes

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors.
NOTE: This issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.

For more information, refer to https://nvd.nist.gov/vuln/detail/CVE-2012-0874



 
