| Rule General Information | |
|---|---|
| Release Date: | 2018-12-10 |
| Rule Name: | HP Intelligent Management Java Deserialization RCE Attempt Vulnerability (CVE-2017-12557) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | A remote code execution vulnerability was found in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier. A remote user can send specially crafted data to TCP port 8080 or 8443 to trigger a deserialization flaw in WebDMDebugServlet and execute arbitrary code on the target system. The code will run with System privileges. |
| Impact: | Successful exploitation allows attackers to execute arbitrary code in the context of the affected application. |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others |
| Reference: | SecurityFocus BID: 101152; ExploitDB: 45952; SecurityTracker ID: 1039495; https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us |

| Solutions |
|---|
| No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product. |