Vulnerability Description
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jboss | Jboss Application Server | All versions |
Related Weaknesses (CWE)
References
- http://osvdb.org/33744
- http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss
- http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole
- http://www.kb.cert.org/vuls/id/632656US Government Resource
- http://www.securityfocus.com/archive/1/460597/100/0/threaded
- http://www.securityfocus.com/archive/1/460605/100/0/threaded
- http://www.securityfocus.com/archive/1/460695/100/0/threaded
- http://www.securitytracker.com/id?1017677
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32596
- http://osvdb.org/33744
- http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss
- http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole
- http://www.kb.cert.org/vuls/id/632656US Government Resource
- http://www.securityfocus.com/archive/1/460597/100/0/threaded
- http://www.securityfocus.com/archive/1/460605/100/0/threaded
FAQ
What is CVE-2007-1036?
CVE-2007-1036 is a vulnerability with a CVSS score of 7.5 (HIGH). The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access ...
How severe is CVE-2007-1036?
CVE-2007-1036 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1036?
Check the references section above for vendor advisories and patch information. Affected products include: Jboss Jboss Application Server.