
Remote code execution vulnerability in WHD

Updated November 16, 2016

Overview

This article addresses the following vulnerabilities:

  • Java Remote Method Invocation (RMI) Deserialization Remote Code Execution (1185593)
  • Passwordless Java Management Extensions (JMX) Interface (118384)
  • Apache® ActiveMQ™ Message Broker Java Deserialization Remote Code Execution (RCE) (119264) 

Environment

  • WHD version 12.3
  • WHD version 12.4

Issue

A remote code execution vulnerability is caused by unsafe deserialization of unauthenticated Java objects using the Apache Commons Collections (ACC) library, and it can affect a remote OpenNMS server. An unauthorized user can exploit this vulnerability by sending a crafted RMI request that executes arbitrary code on the target host.

Because Web Help Desk listens on port 1099 (the Java RMI registry port), it is exposed to the same Apache Commons-based vulnerability inherent in OpenNMS software, also known as the OpenNMS Java Object Deserialization RCE.

Resolution

Upgrade Web Help Desk to version 12.5 or later. This version includes updated Apache Commons Collections Java libraries that resolve these vulnerabilities. 
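As an added example (not SolarWinds' code and not part of this article), the following Python script audits a WHD installation by locating the bundled Apache Commons Collections jars and flagging releases that predate the hardened ones; the install path is an assumption, and the fixed version numbers (3.2.2 for the 3.x line, 4.1 for the 4.x line) come from the library's own release notes rather than from this article.

```python
import re
import zipfile
from pathlib import Path

# Hardened ACC releases (from upstream release notes, not from the KB article):
# 3.2.2 and 4.1 disable the gadget transformer classes during deserialization.
FIXED_3X = (3, 2, 2)
FIXED_4X = (4, 1, 0)


def parse_version(text):
    """Turn '3.2.1' or '4.1' into a comparable 3-part tuple of ints."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable_acc(version):
    """True if this ACC version predates the deserialization hardening of its line."""
    v = parse_version(version)
    if v[0] == 3:
        return v < FIXED_3X
    if v[0] == 4:
        return v < FIXED_4X
    return True  # unknown line: treat conservatively as unpatched


def jar_version(jar_path):
    """Read Implementation-Version from the jar manifest; fall back to the filename."""
    try:
        with zipfile.ZipFile(jar_path) as zf:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
        if m:
            return m.group(1)
    except (OSError, KeyError, zipfile.BadZipFile):
        pass
    m = re.search(r"commons-collections4?-([\d.]+)\.jar$", Path(jar_path).name)
    return m.group(1) if m else None


def scan_install(root):
    """Return [(path, version, vulnerable)] for every ACC jar under root."""
    findings = []
    for jar in Path(root).rglob("commons-collections*.jar"):
        ver = jar_version(jar)
        findings.append((str(jar), ver, ver is None or is_vulnerable_acc(ver)))
    return findings


if __name__ == "__main__":
    # Assumed WHD install directory on Linux; adjust for your deployment.
    for path, ver, vuln in scan_install("/usr/local/webhelpdesk"):
        print("VULNERABLE" if vuln else "ok", path, ver)
```

A jar whose version cannot be determined is reported as vulnerable so that it gets a manual look rather than being silently passed.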
