Preview Tool

Cisco Bug: CSCsz22056 - Mars allows http access to JBoss Application Server

Last Modified

Jun 30, 2015

Products (1)

  • Cisco Security Monitoring, Analysis and Response System

Known Affected Releases


Description (partial)


Mars is accessible by http: through a web browser.  It may be possible for an unauthenticated user to view the JBoss Application Server window containing  information about Mars.  

The application server window is read-only and will not allow a user to harm the MARS internal processes, system, or database.


Occurs only on Gen-2 hardware that was upgraded from 5.3.6 to 6.0.1.  MARS that have been reinstalled with 6.0.x, or with 4.x or 5.x, will not exhibit this problem.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.