The JMX-Console web application in JBossAS in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP09 and 4.3 prior to 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote malicious users to send requests to this application's GET handler by using a different HTTP method.

Vulnerable Product |
---|
redhat jboss enterprise application platform 4.2.0 |
redhat jboss enterprise application platform 4.2 |
redhat jboss enterprise application platform 4.3.0 |
redhat jboss enterprise application platform 4.3 |

'Panda Emissary' group has an appetite for defence projects
Black Hat 2015: An alleged Chinese advanced hacking group has been found cherry-picking data from high-profile governments and corporations, p0wning many within six hours, according to Dell researchers. The group, codenamed TG-3390 or Panda Emissary, is thought to operate from China and have an appetite for defence-related aerospace projects. Its techniques mean domain credentials and multiple systems are compromised within six hours of gaining access to an environment. Watering holes are the group'...