CVE-2014-7866 : Fix for Remote code execution via file upload vulnerability

Details of Vulnerability:

Vulnerability: remote code execution via file upload (unauthenticated on OpManager and Social IT)
CVE-2014-7866
Constraints: no authentication needed on OpManager and Social IT; authentication required on IT360

Both of the following servlets take a user-supplied file name that is not validated. A "../" sequence moves the write outside the intended directory, and the trailing "%00" (null byte) truncates any suffix the servlet appends, so an attacker can drop a WAR file into tomcat/webapps, where Tomcat deploys it and runs its code.

a)
POST /servlet/MigrateLEEData?fileName=../tomcat/webapps/warfile.war%00
Affected versions: unknown; at least OpManager v8 build 88XX to 11.3/11.4, IT360 10.3/10.4 and Social IT 11.0

b)
POST /servlet/MigrateCentralData?operation=downloadFileFromProbe&zipFileName=../tomcat/webapps/warfile.war%00
Affected versions: unknown; at least OpManager v8 build 88XX to 11.3/11.4, IT360 10.3/10.4 and Social IT 11.0
 


Fix (compatible with builds 11300 and 11400):

1) Download the attached patch.

2) Extract it into the OpManager installation directory (/OpManager).

3) Stop and then start OpManager so the patched files are loaded.


Note: this fix will be included in the build 11500 release.
