Summary
This host is running SpringSource tc Server and is prone to a security bypass vulnerability.
Impact
Successful exploitation allows an attacker to obtain JMX interface access with a blank password.
Impact Level: Application
Solution
Update SpringSource tc Server Runtime to 6.0.20.D or 6.0.25.A-SR01. For updates, refer to http://www.springsource.com/products/tcserver
Insight
The flaw is caused by an error in 'com.springsource.tcserver.serviceability.rmi.JmxSocketListener': if the listener is configured to use an encrypted password, then entering either the correct password or an empty string allows authenticated access to the JMX interface.
Affected
VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D and 6.0.25.A before 6.0.25.A-SR01.
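The affected ranges above can be checked against an asset inventory. The following is an added example, not part of the original advisory or of any scanner's code. It assumes version strings of the form MAJOR.MINOR.PATCH[.LETTER][-SRnn]; the host names are constructed and the function names are hypothetical.

```python
import re

# Assumed layout: MAJOR.MINOR.PATCH[.LETTER][-SRnn], e.g. 6.0.20.C or 6.0.25.A-SR01
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.([A-Z]))?(?:-SR(\d+))?$")


def parse_version(text):
    """Split a tc Server Runtime version string into comparable parts."""
    m = _VERSION.match(text.strip().upper())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, letter, sr = m.groups()
    return (int(major), int(minor), int(patch)), letter, int(sr) if sr else 0


def is_affected(text):
    """True when the version falls inside the ranges listed under Affected."""
    base, letter, sr = parse_version(text)
    if base == (6, 0, 19):
        return True  # every 6.0.19 build is listed
    if base == (6, 0, 20):
        # Fixed in 6.0.20.D; a missing release letter is treated as pre-fix (assumption).
        return letter is None or letter < "D"
    if base == (6, 0, 25):
        # Fixed in 6.0.25.A-SR01; a missing release letter is treated as "A" (assumption).
        return (letter or "A") == "A" and sr < 1
    return False  # outside the ranges this advisory lists


def audit(inventory):
    """Return the sorted host names whose reported version is affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory; host names are hypothetical.
INVENTORY = {
    "app01.example.internal": "6.0.19.A",
    "app02.example.internal": "6.0.20.C",
    "app03.example.internal": "6.0.20.D",
    "app04.example.internal": "6.0.25.A",
    "app05.example.internal": "6.0.25.A-SR01",
}

if __name__ == "__main__":
    for host in audit(INVENTORY):
        print(f"{host}: {INVENTORY[host]} is in the affected range")
```

A `False` result only means the version is outside the ranges this advisory lists.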
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2010-1454
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P