ONTAP Discussions
Hi Team,
Looking for a solution for the vulnerabilities. Please check the attached file for details.
NetApp Release 8.2.3P3 7-Mode: Tue Apr 28 14:48:22 PDT 2015
The 'EJBInvokerServlet' and 'JMXInvokerServlet' servlets hosted on the web server on the remote host are accessible to unauthenticated users. The remote host is, therefore, affected by the following vulnerabilities:
- A security bypass vulnerability exists due to improper restriction of access to the console and web management interfaces. An unauthenticated, remote attacker can exploit this, via direct requests, to bypass authentication and gain administrative access. (CVE-2007-1036)
- A remote code execution vulnerability exists due to the JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets not properly restricting access to profiles. An unauthenticated, remote attacker can exploit this to bypass authentication and invoke MBean methods, resulting in the execution of arbitrary code. (CVE-2012-0874)
- A remote code execution vulnerability exists in the EJBInvokerServlet and JMXInvokerServlet servlets due to the ability to post a marshalled object. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to install arbitrary applications. Note that this issue is known to affect McAfee Web Reporter versions prior to or equal to version 5.2.1 as well as Symantec Workspace Streaming version 7.5.0.493 and possibly earlier. (CVE-2013-4810)
Thanks & Regards
Prajyot Katakdound
prajyot.katakdound.wg@hitachi-systems.com
Time to upgrade to 8.2.5p2
Thank you very much, team, but could you also help me with any technote which could justify the same?
Thanks & Regards
Prajyot Katakdound
prajyot.katakdound.wg@hitachi-systems.com
Please check https://security.netapp.com/advisory/. If it's not listed here, I'd open a Support case.