|
|
|||
| Rule General Information |
|---|
| Release Date: | 2018-12-10 | |
| Rule Name: | HP Intelligent Management Java Deserialization RCE Attempt Vulnerability (CVE-2017-12557) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. A remote user can send specially crafted data to TCP port 8080 or 8443 to trigger a deserialization flaw in WebDMDebugServlet to execute arbitrary code on the target system. The code will run with System privileges. | |
| Impact: | Successfully exploiting these issues allows attackers to execute arbitrary code in the context of the affected application. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | SecurityFocusBID:101152 ExploitDB:45952 SecurityTrackerID:1039495 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us |
|
| Solutions |
|---|
| There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. |