CVE-2007-1036
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
| Software | From | Fixed in |
|---|---|---|
| jboss / jboss_application_server | - | - |
- http://osvdb.org/33744
- http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss
- http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole
- http://www.kb.cert.org/vuls/id/632656
- http://www.securityfocus.com/archive/1/460597/100/0/threaded
- http://www.securityfocus.com/archive/1/460605/100/0/threaded
- http://www.securityfocus.com/archive/1/460695/100/0/threaded
- http://www.securitytracker.com/id?1017677
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32596
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime