Vulnerability Note VU#632656
JBoss Application Server may not properly restrict access to the administrative interface
The JBoss Application Server may allow unauthenticated, remote access to the administrative console.
JBoss is an open source application server implemented in Java. Because it is Java-based, JBoss can be used on any operating system that supports Java. JBoss servers can be remotely managed through a web-based administrative interface.
If JBoss is installed without using the advanced installer options, the JBoss security features will need to be configured manually. If a JBoss server is configured to allow unauthenticated access to the administrative interface, and is accessible from a remote network, then an attacker may be able to access and modify data on the server.
A remote, unauthenticated attacker may be able to gain administrative access to a JBoss Application Server. Once an attacker has access, they may be able to access and modify data on that server.
Use the installer
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Red Hat, Inc.||Affected||-||21 Feb 2007|
CVSS Metrics (Learn More)
This vulnerability was reported by Ben Dexter.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2007-1036
- Date Public: 20 Feb 2007
- Date First Published: 20 Feb 2007
- Date Last Updated: 21 Feb 2007
- Severity Metric: 2.25
- Document Revision: 32
If you have feedback, comments, or additional information about this vulnerability, please send us email.