CVE-2007-1036

Sažetak

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

Reference

http://osvdb.org/33744
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole
http://www.kb.cert.org/vuls/id/632656
http://www.securityfocus.com/archive/1/460597/100/0/threaded
http://www.securityfocus.com/archive/1/460605/100/0/threaded
http://www.securityfocus.com/archive/1/460695/100/0/threaded
http://www.securitytracker.com/id?1017677
https://exchange.xforce.ibmcloud.com/vulnerabilities/32596

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

16-10-2018 - 16:36

Objavljeno

21-02-2007 - 11:28