CVE-2014-1649

Symantec Workspace Streaming <7.5.0.749 - SSRF

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-1649. PoCs published by Metasploit, including Metasploit module exploits/windows/antivirus/symantec_workspace_streaming_exec.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2014-1649 in Symantec Workspace Streaming by uploading a malicious WAR file via an XMLRPC call to achieve remote code execution. It abuses the JBoss auto-deploy feature to execute the payload.

Description

The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/33521

This Metasploit module exploits CVE-2014-1649 in Symantec Workspace Streaming by uploading a malicious WAR file via an XMLRPC call to achieve remote code execution. It abuses the JBoss auto-deploy feature to execute the payload.

Classification: Working PoC, 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Symantec Workspace Streaming 6.1 SP8
No auth needed
Prerequisites: Network access to the target service on port 9855 (as_agent.exe) and 9832 (as_ste.exe)
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · EXCELLENT
ruby · poc · java
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/antivirus/symantec_workspace_streaming_exec.rb

This Metasploit module exploits a file upload vulnerability in Symantec Workspace Streaming via XMLRPC to achieve remote code execution by deploying a malicious WAR file to a JBoss server. It leverages the ManagementAgentServer.putFile method to upload arbitrary files and abuses JBoss auto-deploy for execution.

Classification: Working PoC, 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Symantec Workspace Streaming 6.1 SP8, 7.5.0.x
No auth needed
Prerequisites: Network access to the target's XMLRPC service (port 9855) and JBoss server (port 9832)
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory (x_refsource_misc): http://zerodayinitiative.com/advisories/ZDI-14-127/
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/67189
Exploit, Third Party Advisory (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/33521

Scores

EPSS: 0.4231
EPSS Percentile: 98.5%

Details

CWE: CWE-264
Status: published
Products (2):
symantec/workspace_streaming 6.1 (5 CPE variants)
symantec/workspace_streaming < 7.5.0
Published: May 16, 2014
Tracked Since: Feb 18, 2026