Update Protection against Zend Zend Server Java Bridge Remote Code Execution Vulnerability
| Check Point Reference: | CPAI-2011-268 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA43867 | |
| Protection Provided by: |
Security Gateway
|
|
|
Who is Vulnerable? Zend Technologies Zend Server 5.1.0 and prior |
||
| Vulnerability Description A remote code execution vulnerability has been reported in the Java Bridge server component of Zend Server. Zend Server is a complete, enterprise-ready Web Application Server for running and managing PHP applications. An internal component, the Zend Java Bridge, provides PHP developers with a way to use existing Java code and build PHP applications that use Java code. A remote attacker may exploit this vulnerability to execute arbitrary code on a target system. |
||
|
Vulnerability Details The vulnerability is due to design weakness in javamw.jar which does not validate the origin of remote Java commands sent to it. A remote attacker may exploit this issue by sending a specially crafted request to the affected service. Successful exploitation of this vulnerability would lead to execution of arbitrary code on the target host. |
Protection Overview
This protection will detect and block malformed requests made to the vulnerable server.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.