Lucene search

[email protected]NVD:CVE-2007-1036

HistoryFeb 21, 2007 - 11:28 a.m.

CVE-2007-1036

2007-02-2111:28:00

CWE-264

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.966 High

EPSS

Percentile

99.6%

JSON

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

Affected configurations

NVD

Node

jbossjboss_application_server

References

osvdb.org/33744

wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss

wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole

www.kb.cert.org/vuls/id/632656

www.securityfocus.com/archive/1/460597/100/0/threaded

www.securityfocus.com/archive/1/460605/100/0/threaded

www.securityfocus.com/archive/1/460695/100/0/threaded

www.securitytracker.com/id?1017677

exchange.xforce.ibmcloud.com/vulnerabilities/32596

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.966 High

EPSS

Percentile

99.6%

JSON

Related for NVD:CVE-2007-1036

packetstorm1 prion2 cve2 redhatcve1 openvas1 cvelist2 cert1 nessus3 hackerone1 securityvulns1 nvd1 attackerkb1