ET WEB_SPECIFIC_APPS Possible JBoss JMX Console Beanshell Deployer WAR Upload and Deployment Exploit Attempt

Notice: Monitoring services will be discontinued from March 31st, 2019.

This module can be used to install a WAR file payload on JBoss servers that have an exposed "jmx-console" application. The payload is placed on the server through the createScriptDeployment() method of jboss.system:BSHDeployer. This signature detects attempts to exploit a vulnerability in JBoss that could result in remote code execution. The default configuration of JBoss does not restrict access to the console and web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
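The same indicators can be hunted for after the fact in web server access logs. The following is an added example, not part of the original advisory or of any vendor tooling: it flags requests that reach the jmx-console application and escalates those whose percent-decoded target names both BSHDeployer and createScriptDeployment. The log format (common/combined), the function names and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import unquote_plus

# Strings taken from the signature description: the jmx-console application,
# the BSHDeployer MBean and its createScriptDeployment() operation.
CONSOLE_PATH = "/jmx-console"
MARKERS = ("bshdeployer", "createscriptdeployment")

# Request field of a common/combined access-log line: "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markers are still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (client, method, status, verdict), or None if the console is not touched."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    method, target, status = m.group(1), decode_fully(m.group(2)).lower(), int(m.group(3))
    if CONSOLE_PATH not in target:
        return None
    verdict = "bsh-deployment" if all(k in target for k in MARKERS) else "console-access"
    return (line.split()[0], method, status, verdict)

def scan(lines):
    """Classify every line and keep only those that reached the console."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation addresses; the query layout is made up
# for this example and is not the console's real request format).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2019:10:00:01 +0000] "GET /index.jsp HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Mar/2019:10:00:05 +0000] "GET /jmx-console/ HTTP/1.1" 200 9021',
    '198.51.100.7 - - [01/Mar/2019:10:00:09 +0000] "POST /jmx-console/x?q=jboss.system%3ABSHDeployer+createScriptDeployment HTTP/1.1" 200 311',
    '203.0.113.4 - - [01/Mar/2019:10:02:30 +0000] "GET /jmx-console/x?q=BSH%2544eployer.createScriptDeployment HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs do not record POST bodies, so a `console-access` hit from an untrusted address deserves review even when no marker is visible in the request line.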

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


Affected Products


RedHat JBoss Enterprise Application Platform 4.3 & 4.3 EL5 & 4.3 EL4
RedHat JBoss Enterprise Application Platform 4.2 & 4.2 EL5 & 4.2 EL4


CVSS Scores & Vulnerability Types

CVSS Score              5.0
Confidentiality Impact  Partial (There is considerable informational disclosure.)
Integrity Impact        None (There is no impact to the integrity of the system.)
Availability Impact     None (There is no impact to the availability of the system.)
Access Complexity       Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit.)
Authentication          Not required (Authentication is not required to exploit the vulnerability.)
Gained Access           None
CWE ID                  264

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Fixes

    BZ - 571905 - Tracker bug for the EAP 4.3.0.cp08 release.
    BZ - 574105 - CVE-2010-0738 JBoss EAP jmx authentication bypass with crafted HTTP request
    BZ - 585899 - CVE-2010-1428 JBoss Application Server Web Console Authentication bypass
    BZ - 585900 - CVE-2010-1429 JBossEAP status servlet info leak
