CVE-2007-1036

Опубликовано: 21 фев. 2007

Источник: nvd

CVSS2: 7.5

EPSS Критический

Описание

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

Ссылки

http://osvdb.org/33744
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole
http://www.kb.cert.org/vuls/id/632656
US Government Resource
http://www.securityfocus.com/archive/1/460597/100/0/threaded
http://www.securityfocus.com/archive/1/460605/100/0/threaded
http://www.securityfocus.com/archive/1/460695/100/0/threaded
http://www.securitytracker.com/id?1017677
https://exchange.xforce.ibmcloud.com/vulnerabilities/32596
http://osvdb.org/33744
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole
http://www.kb.cert.org/vuls/id/632656
US Government Resource
http://www.securityfocus.com/archive/1/460597/100/0/threaded
http://www.securityfocus.com/archive/1/460605/100/0/threaded
http://www.securityfocus.com/archive/1/460695/100/0/threaded
http://www.securitytracker.com/id?1017677
https://exchange.xforce.ibmcloud.com/vulnerabilities/32596

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jboss:jboss_application_server:*:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.90143

Критический

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-jchw-rw3j-3rjm

github

почти 4 года назад