Land rapid7#5267, update Title, OSVDB references for Symantec Endpoint Protection Manager

Brent Cook · Brent Cook · commit 59ccf93b5503 · 2015-04-29T09:49:28.000-05:00
diff --git a/modules/exploits/windows/antivirus/symantec_endpoint_manager_rce.rb b/modules/exploits/windows/antivirus/symantec_endpoint_manager_rce.rb
@@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Symantec Endpoint Protection Manager Remote Command Execution',
+      'Name'           => 'Symantec Endpoint Protection Manager /servlet/ConsoleServlet Remote Command Execution',
       'Description'    => %q{
         This module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager
         versions 11.0, 12.0 and 12.1. When supplying a specially crafted XML external entity (XXE) request an attacker
@@ -35,6 +35,8 @@ def initialize(info = {})
           [ 'CVE', '2013-5014' ],
           [ 'CVE', '2013-5015' ],
           [ 'EDB', '31853'],
+          [ 'OSVDB', '103305'],
+          [ 'OSVDB', '103306'],
           [ 'URL', 'https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_vulnerabilities_wo_poc_v10.txt' ]
         ],
       'Arch'           => ARCH_X86,
