Remote Unauthenticated Code Execution via JSP File in Skybox Platform
CVE-2015-9246 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at /opt/skyboxview/thirdparty/jboss/server/web/work/jboss.web/localhost.
Learn more about our Web App Pen Testing.