JBoss Application Server Insecure MBean Inspector Access Vulnerability
Severity: : Critical
CVE Kennungen: : CVE-2007-1036
Advisory Date: 21 lipca 2015
DESCRIPTION
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1005548
Trend Micro Deep Security DPI Rule Name: 1005548 - JBoss Application Server DeploymentFileRepository WAR Deployment Vulnerability
AFFECTED SOFTWARE AND VERSION:
- JBoss JBoss Application Server