Release DateOct 26, 2011 |
Severitymedium |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems.Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems. |
DescriptionThis indicates detection of a attempt to exploit a vulnerability in JBoss 4.x, 5.x and 6.x.The vulnerability is in the JBoss Web JMX Console services that can be used to deploy a new application via the "HtmlAdaptor" servlet. |
Affected ProductsJBoss 4.x, 5.x and 6.x both on Windows and Linux. |
Recommended ActionsUpgrade to the latest version, available from the web site.http://www.jboss.org/ |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2010-0738 |
Reference/shttp://www.redteam-pentesting.de/publications/jbosshttp://www.securityfocus.com/bid/39710 (BugTraq) |
