mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 10:41:43 +00:00
25 lines
1.1 KiB
Markdown
25 lines
1.1 KiB
Markdown
|
### [CVE-2016-1542](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1542)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure.
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
- http://packetstormsecurity.com/files/136461/BMC-Server-Automation-BSA-RSCD-Agent-User-Enumeration.html
|
||
|
|
- https://www.exploit-db.com/exploits/43902/
|
||
|
|
- https://www.exploit-db.com/exploits/43939/
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
- https://github.com/7hang/cyber-security-interview
|
||
|
|
- https://github.com/ARPSyndicate/cvemon
|
||
|
|
- https://github.com/NickstaDB/PoC
|
||
|
|
- https://github.com/bao7uo/bmc_bladelogic
|
||
|
|
- https://github.com/blamhang/bmc_rscd_rce
|
||
|
|
- https://github.com/patriknordlen/bladelogic_bmc-cve-2016-1542
|
||
|
|
|