McAfee SmartFilter Administration < 4.2.1.01 Unauthenticated Access to JBOSS RMI (SB10029)
Critical
Nessus Plugin ID 69916
Synopsis
The remote host has a web application installed that is affected by a code execution vulnerability.
Description
The version of McAfee SmartFilter Administration installed on the remote Windows host is earlier than 4.2.1.01. It is, therefore, potentially affected by a code execution vulnerability. The Remote Method Invocation service can be used without authentication to deploy a malicious .war file. By exploiting this flaw, a remote, unauthenticated attacker could execute arbitrary code subject to the privileges of the user running the affected application.
Solution
Upgrade to McAfee SmartFilter Administration 4.2.1.01 or later.