ONTAP Discussions

vulnerability

prajyot123

Hi Team,

Looking for a solution for the vulnerabilities below; please check the attached file for details.

 

NetApp Release 8.2.3P3 7-Mode: Tue Apr 28 14:48:22 PDT 2015

 

The 'EJBInvokerServlet' and 'JMXInvokerServlet' servlets hosted on the web server on the remote host are accessible to unauthenticated users. The remote host is, therefore, affected by the following vulnerabilities:

 

  - A security bypass vulnerability exists due to improper restriction of access to the console and web management interfaces. An unauthenticated, remote attacker can exploit this, via direct requests, to bypass authentication and gain administrative access. (CVE-2007-1036)

  - A remote code execution vulnerability exists due to the JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets not properly restricting access to profiles. An unauthenticated, remote attacker can exploit this to bypass authentication and invoke MBean methods, resulting in the execution of arbitrary code. (CVE-2012-0874)

  - A remote code execution vulnerability exists in the EJBInvokerServlet and JMXInvokerServlet servlets due to the ability to post a marshalled object. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to install arbitrary applications. Note that this issue is known to affect McAfee Web Reporter versions prior to or equal to version 5.2.1 as well as Symantec Workspace Streaming version 7.5.0.493 and possibly earlier. (CVE-2013-4810)

Thanks & Regards

Prajyot Katakdound

prajyot.katakdound.wg@hitachi-systems.com

 

 

1 ACCEPTED SOLUTION

kryan
A support case is the recommended action to resolve items from a scanner report.

Anyone prioritizing security for 7-Mode ONTAP should be targeting the latest P release of 8.2.5.

These CVEs cover JBoss and HP ProCurve Manager, none of which is shipped in ONTAP.
https://nvd.nist.gov/vuln/detail/CVE-2007-1036
https://nvd.nist.gov/vuln/detail/CVE-2012-0874
https://nvd.nist.gov/vuln/detail/CVE-2013-4810


4 REPLIES

JGPSHNTAP

Time to upgrade to 8.2.5p2

prajyot123

Thank you very much, team, but could you also help me with any technote which could justify the same?

Thanks & Regards

Prajyot Katakdound

prajyot.katakdound.wg@hitachi-systems.com

 

paul_stejskal

Please check https://security.netapp.com/advisory/. If it's not listed here, I'd open a Support case.
