Supports Detecting the Remote Code Execution Vulnerability in the Weaver Ecology OA System
Sep 19 2019
Content
Target customers: users who use Weaver Ecology 7.0, 8.0, or 8.1. Features released: by default, Resin is installed in Weaver Ecology and the invoker servlet is enabled. The resin.conf file contains a vulnerability that allows attackers to call the servlet under CLASSPATH to execute commands by accessing the corresponding /weaver/className. We recommend that users scan for this vulnerability as soon as possible.