CVE-2012-3347 Information

Description

AutoFORM PDM Archive before 7.0 implements user accounts in a way that allows for JMX Console authentication which allows remote authenticated users to bypass intended access restrictions via the /jmx-console URI and then upload and execute arbitrary JSP code via a JBoss remote-deployment mechanism a different vulnerability than CVE-2012-1828.

Reference

http://secunia.com/advisories/49335 http://www.kb.cert.org/vuls/id/773035 http://www.kb.cert.org/vuls/id/MAPG-8RQL83