McAfee SmartFilter Administration < Unauthenticated Access to JBOSS RMI (SB10029)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.

Synopsis :

The remote host has a web application installed that is affected by a
code execution vulnerability.

Description :

The version of McAfee SmartFilter Administration installed on the
remote Windows host is earlier than It is, therefore,
potentially affected by a code execution vulnerability. The Remote
Method Invocation service can be used without authentication to deploy a
malicious .war file. By exploiting this flaw, a remote, unauthenticated
attacker could execute arbitrary code subject to the privileges of the
user running the affected application.

See also :

Solution :

Upgrade to McAfee SmartFilter Administration or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 69916 ()

Bugtraq ID: 55088

CVE ID: CVE-2012-4599

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now