CVE-2013-4810

Published: 16/09/2013 Updated: 05/10/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote malicious users to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.

Vulnerable Product

hp procurve manager 3.20

hp procurve manager 4.0

hp application lifecycle management -

hp identity driven manager 4.0

Vendor Advisories

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CV ...

Exploits

<?php
/*
Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution

google dork: inurl:status EJBInvokerServlet

this was used successfully on Windows during a penetration test against McAfee Web Reporter 521 (tcp port 9111/http) gaining administrative privileges
see: wwwmcafee ...