JBoss Application Server Insecure MBean Inspector Access Vulnerability
Gravedad: Crítico
Identificadores de CVE : CVE-2007-1036
Fecha recomendada: 21 de julio de 2015
Descripción
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1005548
Trend Micro Deep Security DPI Rule Name: 1005548 - JBoss Application Server DeploymentFileRepository WAR Deployment Vulnerability
Software y versión afectados
- JBoss JBoss Application Server