Short Name |
APP:VCENTER-JMX-RCE2 |
---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
APP |
Keywords |
VMware vCenter Server JMX Remote Code Execution 2 |
Release Date |
2016/01/04 |
Update Number |
2607 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vsrx-12.1+ |
This signature detects attempts to exploit a known vulnerability against VMware vCenter Server. The vulnerability is due to a lack of enforced authentication in the default configuration (in wrapper.conf). A successful attack can lead to arbitrary code execution.
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.