Описание
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-1036
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32596
- http://osvdb.org/33744
- http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss
- http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole
- http://www.kb.cert.org/vuls/id/632656
- http://www.securityfocus.com/archive/1/460597/100/0/threaded
- http://www.securityfocus.com/archive/1/460605/100/0/threaded
- http://www.securityfocus.com/archive/1/460695/100/0/threaded
- http://www.securitytracker.com/id?1017677
EPSS
Процентиль: 100%
0.90143
Критический
CVE ID
Связанные уязвимости
nvd
почти 19 лет назад
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
EPSS
Процентиль: 100%
0.90143
Критический