On Sunday, a new vulnerability was reported on the newswire relating to a Java vulnerability in the frequently used ‘commons-collection’ library. This reportedly affects java web-based applications world-wide.
Polonious’ development and security team reacted to this news within 24 hours.
The ‘commons-collection’ exploit allows an attack to vector directly into an IBM(tm) Websphere(tm) or JBOSS(tm) server running java applications on-line, exposing the server with command line access. This vulnerability is just as likely on Windows, OSX and Linux.
The security-trained senior engineers at Polonious have reviewed their popular PCMS (Polonious Case Management) product and declared it not vulnerable to this exploit. The library in question (commons-collection) is never used in a way that can cause this attack to succeed.
Whilst PCMS is not vulnerable to this attack, customers who choose to run IBM(tm) Websphere(tm) or Red Hat(tm) JBOSS(tm) for their Java web applications will need to review with their support contractors to ensure that they are not vulnerable. As a default, Polonious implement a hardened version of Apache Tomcat which is not vulnerable to this attack.
Polonious takes an active role in detecting, checking and removing any vulnerabilities reported on security feeds world-wide.
For further information on PCMS and Polonious, contact your local office in Australia or the USA.