Servlet Vulnerability Fix

Servlet Vulnerability Fix

This fix is compatible only for build 11300(OpManager and Social IT Plus). 

Please follow these steps.

1)Download the attached zip file and extract it under /OpManager

2)Stop and Start OpManager

Note: This zip file contains the fix for these vulnerabilities. 

1)Vulnerability: Remote code execution via file upload

2)Vulnerability: Arbitrary file deletion

                    New to ADSelfService Plus?

                      • Related Articles

                      • SQL Injection Vulnerability FIx

                        Vulnerability: Blind SQL injection (unauthenticated) Fix: Upgrade to Social IT vXXXX; OpManager vXXXX; IT360 vXXXX Constraints: no authentication needed for OpManager and Social IT; authenticated in IT360 a) POST ...
                      • CVE-2014-7866 : Fix for Remote code execution via file upload vulnerability

                        Details of Vulnerability: Vulnerability: Remote code execution via file upload (unauthenticated  on OpManager and Social IT)  CVE-2014-7866  Constraints: no authentication needed for OpManager and Social IT;  authenticated in IT360  a)  POST ...
                      • vulnerability (CVE-2015-7765, CVE-2015-7766)

               Vulnerability Detail: Any account that has access to the web interface with Administrator rights has the possibility to use a web form to execute SQL queries on the backend PostgreSQL instance. By ...
                      • Poodle Vulnerability CVE-2014-3566

                        POODLE, which stands for Padding Oracle on Downloaded Legacy Encryption, makes it possible for hackers to snoop on a user’s web browsing. The problem is an 18-year-old encryption standard, known as SSL v3, which is still used by older browsers like ...
                      • Vulnerabilities in FailOverHelperServlet

                        Vulnerabilities in FailoverHelperServlet.  >> Technical details:  The affected servlet is the "FailOverHelperServlet" or if you prefer  FailServlet.   It is possible to hijack the failover operation completely.  #1  Vulnerability: Local file include  ...