Computer Security


JBoss insecure defaults
updated since 22.02.2007
Published: 23.02.2007
Source:
SecurityVulns ID: 7280
Type: remote
Threat Level: 5/10
Description: The web console and management tools are reachable without authentication.
CVE: CVE-2007-1157 (Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.)
CVE-2007-1156 (JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.)
CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.)
Original document: buben.razuma_(at)_gmail.com, JBoss jmx-console CSRF (23.02.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod