CVE-2007-1036

high

Description

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

References

http://osvdb.org/33744

http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss

http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole

http://www.kb.cert.org/vuls/id/632656

http://www.securityfocus.com/archive/1/460597/100/0/threaded

http://www.securityfocus.com/archive/1/460605/100/0/threaded

http://www.securityfocus.com/archive/1/460695/100/0/threaded

http://www.securitytracker.com/id?1017677

https://exchange.xforce.ibmcloud.com/vulnerabilities/32596

Details

Source: MITRE

Published: 2007-02-21

Updated: 2018-10-16

Type: CWE-264

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH