
Remote code execution vulnerability in WHD

Updated November 16, 2016

Overview

This article addresses the following vulnerabilities:

  • Java Remote Method Invocation (RMI) Deserialization Remote Code Execution (1185593)
  • Passwordless Java Management Extensions (JMX) Interface (118384)
  • Apache® ActiveMQ™ Message Broker Java Deserialization Remote Code Execution (RCE) (119264) 

Environment

  • WHD version 12.3
  • WHD version 12.4

Issue

A remote code execution vulnerability, caused by unsafe deserialization of unauthenticated Java objects through the Apache Commons Collections (ACC) library, can affect a remote OpenNMS server. An unauthorized user can exploit it by sending a crafted RMI request that executes arbitrary code on the target host.

Because Web Help Desk listens on port 1099, it is exposed to the same Apache Commons-based vulnerability inherent in OpenNMS software, also known as the OpenNMS Java Object Deserialization RCE.
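As an added defensive illustration that is not part of this article, the following Python heuristic flags captured payloads sent to port 1099 that carry a Java serialization stream referencing Apache Commons Collections classes; the sample payloads and the ACC class name in them are constructed, and the scan is a class-descriptor heuristic rather than a full stream parser.

```python
# Added example (not SolarWinds code): flag captured TCP payloads that carry a
# Java serialization stream whose class descriptors reference the Apache Commons
# Collections (ACC) package named in the article. Samples below are constructed.
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"   # ObjectOutputStream header: 0xACED, version 5
TC_CLASSDESC = 0x72                  # tag that precedes a class descriptor
ACC_PACKAGE = "org.apache.commons.collections"
WHD_RMI_PORT = 1099                  # port the article says WHD listens on


def class_names(payload: bytes):
    """Yield class names found in TC_CLASSDESC records after the stream magic."""
    i = payload.find(STREAM_MAGIC)
    if i < 0:
        return
    i += len(STREAM_MAGIC)
    while i < len(payload):
        if payload[i] == TC_CLASSDESC and i + 3 <= len(payload):
            (n,) = struct.unpack(">H", payload[i + 1:i + 3])   # UTF length prefix
            name = payload[i + 3:i + 3 + n]
            # accept only a plausible printable class name of the declared length
            if n > 0 and len(name) == n and all(32 <= b < 127 for b in name):
                yield name.decode("ascii")
                i += 3 + n
                continue
        i += 1


def assess_payload(payload: bytes, dst_port: int) -> dict:
    """Return a verdict for one captured payload and the ACC classes it names."""
    acc = [c for c in class_names(payload) if c.startswith(ACC_PACKAGE)]
    if STREAM_MAGIC not in payload:
        verdict = "no-java-serialization"
    elif acc and dst_port == WHD_RMI_PORT:
        verdict = "alert-acc-classes-over-rmi"   # matches the article's exposure
    elif acc:
        verdict = "suspicious-acc-classes"
    else:
        verdict = "java-serialization-only"
    return {"verdict": verdict, "acc_classes": acc}


def build_classdesc(name: str) -> bytes:
    """Constructed TC_CLASSDESC record: tag, 2-byte length, class name."""
    return bytes([TC_CLASSDESC]) + struct.pack(">H", len(name)) + name.encode()


# Constructed sample payloads (TC_OBJECT 0x73 followed by a class descriptor).
BENIGN = STREAM_MAGIC + b"\x73" + build_classdesc("java.util.HashMap") + b"\x00" * 8
SUSPECT = STREAM_MAGIC + b"\x73" + build_classdesc(ACC_PACKAGE + ".ExampleClass") + b"\x00" * 8
PLAIN = b"GET / HTTP/1.1\r\n"
```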

Resolution

Upgrade Web Help Desk to version 12.5 or later. This version includes updated Apache Commons Collections Java libraries that resolve these vulnerabilities.
