Lucene search

[email protected]CVE-2007-1036

HistoryFeb 21, 2007 - 11:28 a.m.

CVE-2007-1036

2007-02-2111:28:00

CWE-264

[email protected]

web.nvd.nist.gov

100

In Wild

cve-2007-1036

jboss

authentication bypass

administrative access

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.968 High

EPSS

Percentile

99.7%

JSON

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

CPENameOperatorVersion
jboss:jboss_application_serverjboss jboss application servereq*

CPE	Name	Operator	Version
jboss:jboss_application_server	jboss jboss application server	eq	*

References

osvdb.org/33744

wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss

wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole

www.kb.cert.org/vuls/id/632656

www.securityfocus.com/archive/1/460597/100/0/threaded

www.securityfocus.com/archive/1/460605/100/0/threaded

www.securityfocus.com/archive/1/460695/100/0/threaded

www.securitytracker.com/id?1017677

exchange.xforce.ibmcloud.com/vulnerabilities/32596

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.968 High

EPSS

Percentile

99.7%

JSON

Related for CVE-2007-1036

packetstorm1 prion2 cert1 openvas1 nessus3 hackerone1 securityvulns1 attackerkb1 cve1