Computer Associates Oneview Monitor 6.0 - 'doSave.jsp' Remote Code Execution

EDB-ID:

34440

CVE:

N/A




Platform:

JSP

Date:

2010-08-12


source: https://www.securityfocus.com/bid/42413/info

Computer Associates Oneview Monitor is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to inject and execute arbitrary JSP code in the context of the affected webserver. 

The following example URI is available:

ttp://www.example.com/sitemindermonitor/doSave.jsp?file=../attacksample.jsp