

Remote code execution vulnerability in WHD

Updated November 16, 2016

Overview

This article addresses the following vulnerabilities:

  • Java Remote Method Invocation (RMI) Deserialization Remote Code Execution (1185593)
  • Passwordless Java Management Extensions (JMX) Interface (118384)
  • Apache® ActiveMQ™ Message Broker Java Deserialization Remote Code Execution (RCE) (119264)

Environment

  • WHD version 12.3
  • WHD version 12.4

Issue

A remote code execution vulnerability exists because unauthenticated Java objects are deserialized unsafely through the Apache Commons Collections (ACC) library; this can affect a remote OpenNMS server. An unauthorized user can exploit the vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.

Because Web Help Desk listens on port 1099 (the Java RMI registry port), it is exposed to the same Apache Commons-based deserialization vulnerability inherent in OpenNMS software, also known as the OpenNMS Java Object Deserialization RCE.

Resolution

Upgrade Web Help Desk to version 12.5 or later. This version ships updated Apache Commons Collections Java libraries that resolve these vulnerabilities.
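To confirm that an upgrade actually replaced the vulnerable library, here is an added check (not part of the SolarWinds article) that locates the bundled Apache Commons Collections jars under an install root and compares their versions with the releases in which unsafe functor deserialization was disabled by default (3.2.2 for the 3.x line, 4.1 for 4.x; this is a property of the library, not something stated on this page). The install root and the `lib/` layout are assumptions, and `build_sample_install()` creates a constructed sample tree rather than real WHD files.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Earliest releases of each line in which the unsafe functor classes are no
# longer deserializable by default (a fact about the library, not from the page).
SAFE_MINIMUM = {3: (3, 2, 2), 4: (4, 1, 0)}
JAR_NAME = re.compile(r"commons-collections4?-(\d+(?:\.\d+)*)\.jar$")

def parse_version(text):
    """Turn '3.2.1' or '4.1' into a three-part tuple that compares correctly."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))

def jar_version(jar):
    """Prefer the MANIFEST's Implementation-Version; fall back to the file name."""
    with zipfile.ZipFile(jar) as zf:
        manifest = ""
        if "META-INF/MANIFEST.MF" in zf.namelist():
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
    if not m:
        m = JAR_NAME.search(jar.name)
    return parse_version(m.group(1)) if m else None

def audit_commons_collections(install_root):
    """Map each ACC jar (path relative to the root) to 'ok', 'vulnerable' or 'unknown'."""
    root = Path(install_root)
    findings = {}
    for jar in root.rglob("commons-collections*.jar"):
        version = jar_version(jar)
        minimum = SAFE_MINIMUM.get(version[0]) if version else None
        if minimum is None:
            status = "unknown"          # unparseable version or an unexpected major line
        else:
            status = "ok" if version >= minimum else "vulnerable"
        findings[jar.relative_to(root).as_posix()] = status
    return findings

def build_sample_install():
    """Constructed sample tree: one old 3.x jar, one fixed 4.x jar (not real WHD files)."""
    lib = Path(tempfile.mkdtemp(prefix="whd-sample-")) / "lib"
    lib.mkdir()
    with zipfile.ZipFile(lib / "commons-collections-3.2.1.jar", "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nImplementation-Version: 3.2.1\n")
    with zipfile.ZipFile(lib / "commons-collections4-4.1.jar", "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")  # version only in the name
    return lib.parent
```

Run `audit_commons_collections()` against the real Web Help Desk install directory instead of the sample tree; any jar reported as `vulnerable` means the upgrade did not replace that library.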
