JBoss Enterprise Application Platform '/jmx-console' Authentication Bypass
High Nessus Plugin ID 53337
Synopsis
The remote web server has an authentication bypass vulnerability.
Description
The version of JBoss Enterprise Application Platform (EAP) running on the remote host allows unauthenticated access to documents under the /jmx-console directory. This is due to a misconfiguration in web.xml which only requires authentication for GET and POST requests.
Specifying a different verb such as HEAD, DELETE, or PUT causes the default GET handler to be used without authentication.
A remote, unauthenticated attacker could exploit this by deploying a malicious .war file, resulting in arbitrary code execution.
This version of JBoss EAP likely has other vulnerabilities (refer to Nessus plugins 33869 and 46181).
Solution
Upgrade to JBoss EAP version 4.2.0.CP09 / 4.3.0.CP08 or later.
If a non-vulnerable version of the software is being used, remove all <http-method> elements from the <security-constraint> section of the appropriate web.xml.
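The following audit script is an added example, not part of the Nessus plugin or of JBoss; it parses a constructed web.xml modeled on the /jmx-console deployment descriptor, flags any <security-constraint> whose <web-resource-collection> lists <http-method> elements (the misconfiguration described above), and produces the hardened form with those elements removed. The resource name, role name and URL pattern in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint names GET and POST only, so any other
# verb (HEAD, DELETE, PUT, ...) bypasses the auth-constraint entirely.
WEAK_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>JBossAdmin</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""


def _parse(web_xml: str) -> ET.Element:
    """Parse web.xml and strip namespaces so tags can be matched by local name."""
    root = ET.fromstring(web_xml)
    for el in root.iter():
        if "}" in el.tag:
            el.tag = el.tag.split("}", 1)[1]
    return root


def audit_security_constraints(web_xml: str) -> list:
    """One finding per resource collection that restricts itself to listed verbs.
    A constraint with no <http-method> applies to every verb and is not reported."""
    findings = []
    for sc in _parse(web_xml).iter("security-constraint"):
        for wrc in sc.findall("web-resource-collection"):
            methods = [m.text.strip().upper() for m in wrc.findall("http-method")]
            if methods:
                findings.append({
                    "resource": wrc.findtext("web-resource-name", default="(unnamed)"),
                    "url_patterns": [p.text for p in wrc.findall("url-pattern")],
                    "methods": methods,
                })
    return findings


def harden(web_xml: str) -> str:
    """Return web.xml with every <http-method> removed, as the Solution advises."""
    root = _parse(web_xml)
    for wrc in root.iter("web-resource-collection"):
        for m in wrc.findall("http-method"):
            wrc.remove(m)
    return ET.tostring(root, encoding="unicode")
```

Run audit_security_constraints() over each deployed web.xml; a non-empty result means the constraint is verb-scoped, and harden() shows the corrected descriptor that protects all verbs.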