Showing 1 - 1 of 1

Files

Cisco MARS Remote Command Execution In Jboss: Posted Jul 24, 2006; Authored by Jon Hart; Cisco/Protego CS-MARS remote command execution and system compromise exploit that makes use of an insecure JBoss installation in CS-MARS versions below 4.2.1.; tags | exploit, remote; systems | cisco; SHA-256 | 54fe66cacd7116d763993ab2281815e624610e13a10347c112c62d30699df620; Download | Favorite | View

Related Files

Cisco Security Advisory 20060719-mars: Posted Jul 24, 2006; Authored by Cisco Systems | Site cisco.com; Cisco Security Advisory - Cisco Security Monitoring, Analysis and Response System (CS-MARS) software contains vulnerabilities related to third-party software and the command line interface (CLI). CS-MARS ships with an Oracle database. The database contains several default Oracle accounts which have well-known passwords. If access to the database is obtained, the default accounts may be used to access sensitive information contained in the database. CS-MARS ships with the JBoss web application server. A component of the JBoss installation may allow a remote, unauthenticated user to execute arbitrary shell commands with the privileges of the CS-MARS administrator. The CS-MARS CLI contains several vulnerabilities which may allow authenticated administrators to execute arbitrary shell commands with root privileges. All vulnerabilities addressed in this advisory have been corrected in CS-MARS software version 4.2.1.; tags | advisory, remote, web, arbitrary, shell, root, vulnerability; systems | cisco; SHA-256 | 6d8365bbd3df900adf1c27abe88979a9285dccdcd49ddb8df480d3c4b145d83c; Download | Favorite | View

Page 1 of 1 Back 1 Next