SpringSource tc Server unauthenticated remote access to JMX interface

2010.05.25
Credit: s2-security
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-287


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: tc Server Runtime 6.0.19.A, 6.0.20.A, 6.0.20.B, 6.0.20.C, 6.0.25.A Description: A problem has been identified in the com.springsource.tcserver.serviceability.rmi.JmxSocketListener. If the listener is configured to use an encrypted password ( i.e. the password is prefaced with s2enc:// ) then entering either the correct password or an empty string will allow authenticated access to the JMX interface. The JMX interface is not remotely accessible by default but may be configured for remote access by setting the address attribute. Mitigation: All users are recommended to immediately switch to non-encrypted passwords for the JMX interface or to disable the JMX interface. Users wishing to continue to use the JMX interface with encrypted passwords should upgrade the tc Server Runtime to 6.0.20.D or 6.0.25.A-SR01 (included in tc Server 2.0.0.SR01) available from the SpringSource support portal (for customers with support contracts) or the SpringSource download centre. Credit: This vulnerability was discovered by Erhan Baz at Yapi Kredi. References: [1] http://www.springsource.com/security/tc-server Mark Thomas SpringSource Security Team

References:

http://www.springsource.com/security/cve-2010-1454
http://www.securityfocus.com/bid/40205
http://www.securityfocus.com/archive/1/archive/1/511307/100/0/threaded
http://secunia.com/advisories/39778


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top