Symantec Workspace Streaming Agent XMLRPC Request putFile Method Remote Code Execution Vulnerability Exploit

A vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the as_agent.exe service, which allows for uploading arbitrary files under the server root. This module abuses the auto deploy feature in the JBoss as_ste.exe instance in order to achieve remote code execution. Abused services listen on a single machine deployment, and also in the backend role in a multiple machine deployment.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2014-1649
Product Version: 
2014_R1
Released Date: 
Wednesday, August 13, 2014 - 00:00