Hello,
Thanks for informing we’ll check and take remedial action as required.
Thanks & Best Regards
Roshan Halkhoree
Director, Centre for Information Technology and Systems (CITS)
University of Mauritius
Tel: +230 403 7715
Website: www.uom.ac.mu
From: Ish Sookun [mailto:ish_at_hacklog.in]
Sent: Thursday, April 02, 2015 8:37 PM
To: cits_at_uom.ac.mu
Cc: contact_at_cert.ncb.mu; mauritius-internet-users_at_lists.elandnews.com
Subject: Something is wrong on the University of Mauritius webserver
Hello,
I found a Java based web application[1] running on the University of Mauritius webserver. The application is currently in public view and allows anyone from the Internet to modify, delete or add resources.
Someone with an Internet access could thus upload malicious code on the webserver and remotely execute it.
I thus trigger it as a vulnerability. If it's not, I apologize for triggering a false alarm, if it is, you can thank me later.
[1]
http://aap-server.uom.ac.mu:8080/repository/entry/show/RAMADDA+repository+-+AAP+Mauritius/AAP+Mauritius+Workshop+-+Participants?entryid=1de74fdb-5a30-4956-a6d2-0c0f2ca21868
Regards,
Ish Sookun
- Geek by birth, Linux by choice.
- I blog at HACKLOG.in.
https://twitter.com/IshSookun ^^ Do you tweet?
--
Email Disclaimer: This email and all its contents are subject to the
disclaimer at http://www.uom.ac.mu/emaildisclaimer
P* Please consider the environment and print this email only if necessary *ü
--
<http://www.uom.ac.mu>
Received on Fri Apr 03 2015 - 05:16:51 PST