Cisco Bug: CSCsz22056 - Mars allows http access to JBoss Application Server
Jun 30, 2015
- Cisco Security Monitoring, Analysis and Response System
Known Affected Releases
Symptom: Mars is accessible by http: through a web browser. It may be possible for an unauthenticated user to view the JBoss Application Server window containing information about Mars. The application server window is read-only and will not allow a user to harm the MARS internal processes, system, or database. Conditions: Occurs only on Gen-2 hardware that was upgraded from 5.3.6 to 6.0.1. MARS that have been reinstalled with 6.0.x, or with 4.x or 5.x, will not exhibit this problem.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases