Hi Michael, We sent information about this issue to opennms-announce mailing list and first information addressing this issues can be find here:
http://www.adventuresinoss.com/2015/11/09/opennms-rmi-exploit/ <http://www.adventuresinoss.com/2015/11/09/opennms-rmi-exploit/> http://www.opennms.eu/2015/11/security-java-rmi-exploitation/ The following JIRA issues addressing this topic: http://issues.opennms.org/browse/NMS-7971 <http://issues.opennms.org/browse/NMS-7971> thank you giving us this important hint. -- Ronny Trommer, OGP Germany :: Fulda :: Stuttgart Web: http://www.opennms.org <http://www.opennms.org/> PGP Key Fingerprint: 4A1B 4D06 FEEC 244D 38EF 8074 9075 B2E5 08A2 451E PGP Key Server1: https://keyserver.pgp.com <https://keyserver.pgp.com/> PGP Key Server2: http://pgp.mit.edu/ <http://pgp.mit.edu/> > On 07.11.2015, at 11:00, Michael Banck <michael.ba...@credativ.de> wrote: > > Hi, > > probably you heard about it already, but I noticed OpenNMS (through RMI, > not sure how relevant that is these days) was mentioned in this article: > > http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#opennms > > > Cheers, > > Michael > > -- > Michael Banck > Projektleiter / Berater > Tel.: +49 (2161) 4643-171 > Fax: +49 (2161) 4643-100 > Email: michael.ba...@credativ.de > > credativ GmbH, HRB Mönchengladbach 12080 > USt-ID-Nummer: DE204566209 > Hohenzollernstr. 133, 41061 Mönchengladbach > Geschäftsführung: Dr. Michael Meskes, Jörg Folz, Sascha Heuer > > > ------------------------------------------------------------------------------ > _______________________________________________ > Please read the OpenNMS Mailing List FAQ: > http://www.opennms.org/index.php/Mailing_List_FAQ > > opennms-devel mailing list > > To *unsubscribe* or change your subscription options, see the bottom of this > page: > https://lists.sourceforge.net/lists/listinfo/opennms-devel
signature.asc
Description: Message signed with OpenPGP using GPGMail
------------------------------------------------------------------------------
_______________________________________________ Please read the OpenNMS Mailing List FAQ: http://www.opennms.org/index.php/Mailing_List_FAQ opennms-devel mailing list To *unsubscribe* or change your subscription options, see the bottom of this page: https://lists.sourceforge.net/lists/listinfo/opennms-devel
