VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-1454

tc_server: com.springsource.tcserver.serviceability.rmi.JmxSoc...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1454

Original

com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-05-19

Source Information Category:

Advisory, Alert

Last Updated:

2010-05-20

Affected Product Tags

cpe:/a:vmware:tc_server:6.0.19

cpe:/a:vmware:tc_server:6.0.19.a

cpe:/a:vmware:tc_server:6.0.20

cpe:/a:vmware:tc_server:6.0.20.a

cpe:/a:vmware:tc_server:6.0.20.b

cpe:/a:vmware:tc_server:6.0.20.c

cpe:/a:vmware:tc_server:6.0.25.a

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 40205

BUGTRAQ 20100517 CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface

CONFIRM http://www.springsource.com/security/cve-2010-1454

SECUNIA 39778

Vulnerability Type Authentication Issues (CWE-287)