Gravité: : Critique
  Identifiant(s) CVE: : CVE-2007-1036
  Date du conseil: 21 juillet 2015

  Description

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

  Information Exposure Rating:

Apply associated Trend Micro DPI Rules.

  Solutions

  Trend Micro Deep Security DPI Rule Number: 1005548
  Trend Micro Deep Security DPI Rule Name: 1005548 - JBoss Application Server DeploymentFileRepository WAR Deployment Vulnerability

  Affected software and version:

  • JBoss JBoss Application Server