Get your server issues fixed by our experts for a price starting at just 25 USD/Hour. Click here to register and open a ticket with us now!

Author Topic: ET WEB_SPECIFIC_APPS Possible JBoss JMX Console Beanshell Deployer WAR Upload  (Read 2433 times)

0 Members and 1 Guest are viewing this topic.

nidhinjo

  • Guest
This module can be used to install a WAR file payload on JBoss servers that have an exposed "jmx-console" application. The payload is put on the server by using the jboss.system:BSHDeployer\'s createScriptDeployment() method. This signature detects attempts to exploit a vulnerability in JBoss which could result in remote code execution. The default configuration of JBoss does not restrict access to the console and web management interfaces. This allows remote attackers to bypass authentication and gain administrative access via direct requests.

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Affected Products

RedHat JBoss Enterprise Application Platform 4.3 & 4.3 EL5 & 4.3 EL4
RedHat JBoss Enterprise Application Platform 4.2 & 4.2 EL5 & 4.2 EL4

CVSS Scores & Vulnerability Types

Code: [Select]
CVSS Score              5.0
Confidentiality Impact        Partial (There is considerable informational disclosure.)
Integrity Impact               None (There is no impact to the integrity of the system)
Availability Impact             None (There is no impact to the availability of the system.)
Access Complexity              Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication                    Not required (Authentication is not required to exploit the vulnerability.)
Gained Access                   None
CWE ID                                264

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Fixes

    BZ - 571905 - Tracker bug for the EAP 4.3.0.cp08 release.
    BZ - 574105 - CVE-2010-0738 JBoss EAP jmx authentication bypass with crafted HTTP request
    BZ - 585899 - CVE-2010-1428 JBoss Application Server Web Console Authentication bypass
    BZ - 585900 - CVE-2010-1429 JBossEAP status servlet info leak
=========================================== :)==========================================