9 lines
No EOL
462 B
Text
9 lines
No EOL
462 B
Text
source: https://www.securityfocus.com/bid/42413/info
|
|
|
|
Computer Associates Oneview Monitor is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.
|
|
|
|
Exploiting this issue will allow an attacker to inject and execute arbitrary JSP code in the context of the affected webserver.
|
|
|
|
The following example URI is available:
|
|
|
|
ttp://www.example.com/sitemindermonitor/doSave.jsp?file=../attacksample.jsp |