CVE-2007-1036 Information

Description

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

Reference

http://osvdb.org/33744
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole
http://www.kb.cert.org/vuls/id/632656
http://www.securityfocus.com/archive/1/460597/100/0/threaded
http://www.securityfocus.com/archive/1/460605/100/0/threaded
http://www.securityfocus.com/archive/1/460695/100/0/threaded
http://www.securitytracker.com/id?1017677
https://exchange.xforce.ibmcloud.com/vulnerabilities/32596
