Test ID:	1.3.6.1.4.1.25623.1.0.902188
Category:	General
Title:	VMware SpringSource tc Server 'JMX' Interface Security Bypass Vulnerability
Summary:	VMware SpringSource tc Server is prone to a security bypass; vulnerability.
Description:	Summary: VMware SpringSource tc Server is prone to a security bypass vulnerability. Vulnerability Insight: The flaw is cused due to error in, 'com.springsource.tcserver.serviceability.rmi.JmxSocketListener', if the listener is configured to use an encrypted password then entering either the correct password or an empty string will allow authenticated access to the JMX interface. Vulnerability Impact: Successful exploitation will allow attackers to obtain JMX interface access via a blank password. Affected Software/OS: VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D and 6.0.25.A before 6.0.25.A-SR01. Solution: Update to version 6.0.20.D, 6.0.25.A-SR01 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1454 BugTraq ID: 40205 http://www.securityfocus.com/bid/40205 Bugtraq: 20100517 CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface (Google Search) http://www.securityfocus.com/archive/1/511307/100/0/threaded http://secunia.com/advisories/39778 XForce ISS Database: tcserver-listener-security-bypass(58684) https://exchange.xforce.ibmcloud.com/vulnerabilities/58684
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.