Computer Associates Oneview Monitor 6.0 - 'doSave.jsp' Remote Code Execution
| EKU-ID: 39158 | CVE: | OSVDB-ID: |
| Author: Giorgio Fedon | Published: 2010-08-12 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 39158 | CVE: | OSVDB-ID: |
| Author: Giorgio Fedon | Published: 2010-08-12 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/42413/info Computer Associates Oneview Monitor is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to inject and execute arbitrary JSP code in the context of the affected webserver. The following example URI is available: ttp://www.example.com/sitemindermonitor/doSave.jsp?file=../attacksample.jsp