From: Tarus B. <ta...@op...> - 2015-11-09 13:02:38
|
Gang: It was brought to our attention that the Apache Commons library that OpenNMS uses is vulnerable to a remote code execution exploit. This is only possible if port 1099 on the OpenNMS server can be accessed from the outside world. Here is a blog post with more detail: http://www.adventuresinoss.com/2015/11/09/opennms-rmi-exploit/ -T -- Tarus BALOG, Maintainer Main: +1 919 533 0160 The OpenNMS Group, Inc. Fax: +1 773 345 3645 Email: ta...@op... URL: http://www.opennms.org PGP Key Fingerprint: 8945 8521 9771 FEC9 5481 512B FECA 11D2 FD82 B45C |