vendor:
JBoss Application Server
by:
João Filho Matos Figueiredo
9
CVSS
HIGH
JMX Console and Web Console
78
CWE
Product Name: JBoss Application Server
Affected Version From: JBoss Application Server 4.0.x, 4.2.x, 4.3.x, 5.x, 6.x, 7.x
Affected Version To: JBoss Application Server 4.0.x, 4.2.x, 4.3.x, 5.x, 6.x, 7.x
Patch Exists: Yes
Related CWE: CVE-2010-0738, CVE-2010-1871
CPE: a:jboss:jboss_application_server
Metasploit:
https://www.rapid7.com/db/vulnerabilities/jboss_enterprise_application_platform-cve-2011-4085/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0378/, https://www.rapid7.com/db/vulnerabilities/jboss_enterprise_application_platform-cve-2010-0738/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0376/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0377/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0379/, https://www.rapid7.com/db/vulnerabilities/jboss_enterprise_application_platform-cve-2010-1871/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0564/
Other Scripts:
https://www.infosecmatter.com/nmap-nse-library/?nse=http-vuln-cve2010-0738, https://www.infosecmatter.com/nessus-plugin-library/?id=80195, https://www.infosecmatter.com/nessus-plugin-library/?id=53337, https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/admin/http/jboss_bshdeployer, https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/scanner/http/jboss_vulnscan, https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/multi/http/jboss_deploymentfilerepository, https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/multi/http/jboss_maindeployer, https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/admin/http/jboss_deploymentfilerepository, https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/scanner/sap/sap_icm_urlscan, https://www.infosecmatter.com/nmap-nse-library/?nse=http-vuln-cve2010-2861, https://www.infosecmatter.com/nessus-plugin-library/?id=63940, https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/multi/http/jboss_seam_upload_exec, https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/admin/http/jboss_seam_exec, https://www.infosecmatter.com/metasploit-auxiliary-modules-detailed-spreadsheet/, https://www.infosecmatter.com/list-of-metasploit-linux-exploits-detailed-spreadsheet/
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2018
JexBoss v1.0
JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server. It can be used to test the presence of JMX Console and Web Console, which are vulnerable to remote code execution.
Mitigation:
Disable the JMX Console and Web Console, or restrict access to trusted IP addresses.
