Basecamp: RCE via exposed JMX server on jabber.37signals.com/jabber.basecamp.com
@ian reported that jabber.37signals.com and jabber.basecamp.com exposed on port 555 an unauthenticated Java JMX server which was vulnerable to RCE. We've looked into this and found that we forgot to clean up some DNS records when we decomissioned Jabber so the exposed IP address were not part of...