Lucene search

PRIOn knowledge basePRION:CVE-2007-1036

HistoryFeb 21, 2007 - 11:28 a.m.

Authentication flaw

2007-02-2111:28:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.969 High

EPSS

Percentile

99.7%

JSON

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

References

osvdb.org/33744

wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss

wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole

www.kb.cert.org/vuls/id/632656

www.securityfocus.com/archive/1/460597/100/0/threaded

www.securityfocus.com/archive/1/460605/100/0/threaded

www.securityfocus.com/archive/1/460695/100/0/threaded

www.securitytracker.com/id?1017677

exchange.xforce.ibmcloud.com/vulnerabilities/32596

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.969 High

EPSS

Percentile

99.7%

JSON

Related for PRION:CVE-2007-1036