The JBoss Application Server may allow unauthenticated, remote access to the administrative console.
JBoss is an open source application server implemented in Java. Because it is Java-based, JBoss can be used on any operating system that supports Java. JBoss servers can be remotely managed through a web-based administrative interface.
If JBoss is installed without using the advanced installer options, the JBoss security features will need to be configured manually. If a JBoss server is configured to allow unauthenticated access to the administrative interface, and is accessible from a remote network, then an attacker may be able to access and modify data on the server.
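As an added illustration (not part of the original advisory and not JBoss project code), the following Python script audits a Java web application's `web.xml` deployment descriptor and reports whether every request requires an authenticated role. It assumes the administrative console is deployed as a standard web application whose access control is declared in `web.xml`; the sample descriptors and the role name `ConsoleAdmin` are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors; "ConsoleAdmin" is a hypothetical role name.
CONSTRAINT = """<security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>%s
    </web-resource-collection>
    <auth-constraint><role-name>ConsoleAdmin</role-name></auth-constraint>
  </security-constraint>"""
LOGIN = "<login-config><auth-method>BASIC</auth-method></login-config>"
# Constraint present but commented out, so the container never enforces it.
UNSECURED = "<web-app>\n  <!-- " + CONSTRAINT % "" + " -->\n</web-app>"
# Constraint active for all methods, with a login mechanism declared.
SECURED = "<web-app>\n  " + CONSTRAINT % "" + "\n  " + LOGIN + "\n</web-app>"
# Constraint active, but restricted to two HTTP methods.
PARTIAL = ("<web-app>\n  "
           + CONSTRAINT % "<http-method>GET</http-method><http-method>POST</http-method>"
           + "\n  " + LOGIN + "\n</web-app>")


def audit_descriptor(xml_text):
    """Return a list of findings; an empty list means /* requires a role."""
    root = ET.fromstring(xml_text)      # XML comments are dropped by the parser
    for el in root.iter():              # strip any XML namespace from tag names
        el.tag = el.tag.rsplit("}", 1)[-1]
    covering = [c for c in root.iter("security-constraint")
                if any((p.text or "").strip() == "/*" for p in c.iter("url-pattern"))]
    if not covering:
        return ["no active security-constraint covers /*"]
    findings = []
    for c in covering:
        if c.find("auth-constraint") is None:
            findings.append("constraint on /* has no auth-constraint")
        # Per the servlet spec, listed http-method elements narrow the
        # constraint to those methods; all other methods stay unconstrained.
        methods = [m.text.strip() for m in c.iter("http-method") if m.text]
        if methods:
            findings.append("constraint on /* applies only to methods: " + ", ".join(methods))
    if root.find("login-config") is None:
        findings.append("no login-config element")
    return findings


if __name__ == "__main__":
    for name, doc in (("unsecured", UNSECURED), ("secured", SECURED), ("partial", PARTIAL)):
        print(name, "->", audit_descriptor(doc) or "OK")
```

A descriptor that passes this check should still be confirmed by requesting the console without credentials from a host outside the trusted management network.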
A remote, unauthenticated attacker may be able to gain administrative access to a JBoss Application Server. Once an attacker has access, they may be able to access and modify data on that server.
Use the installer
This vulnerability was reported by Ben Dexter.
Date First Published: 2007-02-20
Date Last Updated: 2007-02-21 22:50 UTC