CVE-2007-1036

critical

Description

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/32596

http://www.securitytracker.com/id?1017677

http://www.securityfocus.com/archive/1/460695/100/0/threaded

http://www.securityfocus.com/archive/1/460605/100/0/threaded

http://www.securityfocus.com/archive/1/460597/100/0/threaded

http://www.kb.cert.org/vuls/id/632656

http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole

http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss

http://osvdb.org/33744

Details

Source: Mitre, NVD

Published: 2007-02-21

Updated: 2018-10-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics