Computer Security
[EN] no-pyccku

JBoss insecure defaults
updated since 22.02.2007
SecurityVulns ID:7280
Threat Level:
Description:Web console and management instruments are available without authentication.
CVE:CVE-2007-1157 (Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.)
 CVE-2007-1156 (JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.)
 CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.)
Original documentdocumentbuben.razuma_(at), JBoss jmx-console CSRF (23.02.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod