An unauthenticated remote code execution vulnerability was found in the LISTSERV Maestro software, versions 9.0-8 and below. This vulnerability stems from a known issue in struts, CVE-2010-1870, that allows for code execution via OGNL Injection. This vulnerability has been confirmed to be exploitable in both the Windows and Linux version of the software and has existed in the LISTSERV Maestro software since at least version 8.1-5. As a result, a specially crafted HTTP request can be constructed that executes code in the context of the web application. Exploitation of this vulnerability does not require authentication and can lead to root level privilege on any system running the LISTServ Maestro services.
47ea69c299460db10d186131b9f1c65c7396d9a132d29b4816b4093286ef4a74
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed