
Attack: Apache Jetspeed User Manager Service SQL Injection

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to execute arbitrary code on vulnerable installations of Apache Jetspeed.

Additional Information

The Jetspeed User Manager service, part of the Jetspeed Administrative Portlets, is vulnerable to SQL injection. When a search is performed in these tools, the 'user' and 'role' parameters of the request are open to injection, which lets crafted input alter the logic of the subsequent SQL statement.
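The flaw class described above, shown as an added example (not Jetspeed's code and not part of the original signature page): a search filter built by string concatenation next to the same filter using bound parameters. The `principals` table, the function names and the sample values are hypothetical and constructed for illustration, using Python's built-in `sqlite3`.

```python
import sqlite3

# Constructed sample value for the 'role' search parameter (not from the advisory).
CRAFTED_ROLE = "x%' OR 'a' LIKE '%a"


def make_db():
    """Build a constructed in-memory table standing in for a user/role store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE principals (name TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO principals VALUES (?, ?)",
        [("alice", "admin"), ("bob", "editor"), ("carol", "viewer")],
    )
    return db


def search_concat(db, user, role):
    """Vulnerable pattern: request values are spliced into the SQL text,
    so a quote in 'user' or 'role' changes the statement's logic."""
    sql = (
        "SELECT name FROM principals "
        f"WHERE name LIKE '%{user}%' AND role LIKE '%{role}%' ORDER BY name"
    )
    return [row[0] for row in db.execute(sql)]


def search_bound(db, user, role):
    """Hardened pattern: the SQL text is fixed and the values are bound,
    so they are only ever compared as data."""
    sql = (
        "SELECT name FROM principals "
        "WHERE name LIKE ? AND role LIKE ? ORDER BY name"
    )
    return [row[0] for row in db.execute(sql, (f"%{user}%", f"%{role}%"))]


if __name__ == "__main__":
    db = make_db()
    print("normal search :", search_concat(db, "bob", "editor"))
    print("concatenated  :", search_concat(db, "bob", CRAFTED_ROLE))
    print("bound         :", search_bound(db, "bob", CRAFTED_ROLE))
```

Bound parameters stop the injection, but `%` and `_` inside a bound value still act as LIKE wildcards; escape them if the search must match literally.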

Affected

  • Jetspeed 2.2.0 to 2.2.2