Remote Unauthenticated Code Execution via JSP File in Skybox Platform

Remote Unauthenticated Code Execution via JSP File in Skybox Platform

CVE-2015-9246 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at /opt/skyboxview/thirdparty/jboss/server/web/work/jboss.web/localhost.

Learn more about our Web App Pen Testing.