The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.Referenceshttp://www.kb.cert.org/vuls/id/706359http://www.securityfocus.com/bid/93208
