Results 1 to 1 of 1
During a regular nessus scan i came across a jBoss security hole as follows
Synopsis :
The remote web server allows unauthenticated access to an
administrative Java servlet.
Description :
...
- 06-24-2010 #1Just Joined!
- Join Date
- Mar 2007
- Posts
- 1
jBoss security hole
During a regular nessus scan i came across a jBoss security hole as follows
Synopsis :
The remote web server allows unauthenticated access to an
administrative Java servlet.
Description :
The remote web server appears to be a version of JBoss that allows
unauthenticated access to the JMX and/or Web Console servlets used to
manage JBoss and its services. A remote attacker can leverage this
issue to disclose sensitive information about the affected application
or even take control of it.
Solution :
Secure or remove access to the JMX and/or Web Console
using the advanced installer options.
Risk factor :
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Do you guys have any experience with fixing this hole? i have not used jboss but am supposed to fix it up.Thank you guys in advance.
cheers,
Devils
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts