CVE-2013-4096
published 2013-06-28

Priority: P2 · 62 · critical
CVSS 2.0: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
EXPLOIT
EPSS: 9.35% (94.8th percentile)

ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOST_NAME field.

Detection & IOCs (extracted from sources)

url: /ServerAdmin/TestTelnetConnection.jsp
url: /ServerAdmin/TestDRConnection.jsp
url: /ServerAdmin/ErrorViewer.jsp
command: HOST_NAME=-;uname&PORT_NUMBER=-a
other: Server: DS3-AuthServer

  • Detect POST requests to /ServerAdmin/TestTelnetConnection.jsp containing shell metacharacters (e.g., semicolons, pipes, backticks) in the HOST_NAME parameter, indicating command injection attempts.
  • Alert on HTTP responses from servers identifying themselves with the 'Server: DS3-AuthServer' header, which fingerprints the vulnerable appliance.
  • Monitor POST body content to /ServerAdmin/TestTelnetConnection.jsp for the pattern HOST_NAME containing '-;' or other shell metacharacter sequences used to inject OS commands.
  • Flag unauthenticated GET requests to /ServerAdmin/ErrorViewer.jsp with a user-controlled 'message' parameter, which can be abused for social engineering.
  • The exploit requires prior authentication (post-auth RCE); unauthenticated exploitation of the command injection is not possible, but the error message manipulation (Issue #3) requires no authentication.
  • Commands injected via HOST_NAME execute with the privileges of the 'asadmin' user, not necessarily root, which may limit post-exploitation impact depending on system configuration.
  • The affected DS3 Authentication Server version is unknown; no patch or vendor fix was available at the time of public disclosure.
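
The POST-body checks from the detection list above, written as a log-scanning function; this is an added example, not code from the original advisory or the vendor. The record layout (method, URL, form body), the function names and the numeric-port heuristic are assumptions, and the sample requests are constructed.

```python
from urllib.parse import unquote_plus, urlsplit

# Path and field names come from the advisory; the record layout is assumed.
TARGET_PATH = "/serveradmin/testtelnetconnection.jsp"
# Characters a shell treats specially; a hostname or IP address needs none.
SHELL_META = set(";|&`$()<>\n\r")


def inspect_request(method, url, body):
    """Return a list of findings for one request; empty means nothing to flag."""
    path = urlsplit(url).path.split(";", 1)[0]  # drop any ;jsessionid suffix
    if method.upper() != "POST" or path.lower() != TARGET_PATH:
        return []
    findings = []
    for field in body.split("&"):
        raw_name, _, raw_value = field.partition("=")
        # Decode before matching so %3B is seen as ';'.
        name, value = unquote_plus(raw_name), unquote_plus(raw_value)
        if name == "HOST_NAME":
            meta = sorted(SHELL_META.intersection(value))
            if meta:
                findings.append(f"HOST_NAME contains shell metacharacters {meta}")
        elif name == "PORT_NUMBER" and not value.isdigit():
            # Added heuristic: a port is numeric; the advisory's sample is not.
            findings.append(f"PORT_NUMBER is not numeric: {value!r}")
    return findings


# Constructed sample records (method, URL, form body); not real traffic.
SAMPLE_REQUESTS = [
    ("POST", "/ServerAdmin/TestTelnetConnection.jsp", "HOST_NAME=10.0.0.5&PORT_NUMBER=23"),
    ("POST", "/ServerAdmin/TestTelnetConnection.jsp", "HOST_NAME=-;uname&PORT_NUMBER=-a"),
    ("POST", "/ServerAdmin/TestTelnetConnection.jsp", "HOST_NAME=-%3Buname&PORT_NUMBER=-a"),
    ("GET", "/ServerAdmin/TestTelnetConnection.jsp", ""),
]


def scan(requests):
    """Return (index, findings) for every record that produced a finding."""
    results = []
    for i, (method, url, body) in enumerate(requests):
        findings = inspect_request(method, url, body)
        if findings:
            results.append((i, findings))
    return results


if __name__ == "__main__":
    for index, findings in scan(SAMPLE_REQUESTS):
        print(index, findings)
```

Because authentication is required to reach the page, each hit can be joined to the authenticated session or account that sent it.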