Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
Red Hat JBoss Operations Network (or JBoss ON or JON) is free software/open-source Java EE-based network management software. Red Hat JBoss Operations Network provides built-in management and monitoring capabilities to effectively administer all of your JBoss application environments.
Red Hat JBoss Operations Network is prone to a privilege escalation vulnerability.
Affected Versions:
Red Hat JBoss Operations Network (JON) prior to version 3.3.7
Vulnerability impact
An authenticated remote attacker can gain admin privilege by adding a user with the super user role via a crafted POST request.
Solution
The vendor has released an advisory to fix this vulnerability. Refer to RHSA-2016-1785 for more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities: