CVE-2012-2561 Information

Description

HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098 1099 or 4444.

Reference

http://marc.info/?l=bugtraq&m=134013352316810&w=2 http://osvdb.org/81981 http://secunia.com/advisories/49218 http://www.kb.cert.org/vuls/id/859230 http://www.securityfocus.com/bid/53556 http://www.securitytracker.com/id?1027075