Hackers actively exploiting JBoss vulnerability to compromise servers, researchers sayNov 19, 2013, 14:00 (0 Talkback[s])
(Other stories by Lucian Constantin)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
Attackers are actively exploiting a known vulnerability to compromise JBoss Java EE application servers that expose the HTTP Invoker service to the Internet in an insecure manner. At the beginning of October security researcher Andrea Micalizzi released an exploit for a vulnerability he identified in products from multiple vendors including Hewlett-Packard, McAfee, Symantec and IBM that use 4.x and 5.x versions of JBoss. That vulnerability, tracked as CVE-2013-4810, allows unauthenticated attackers to install an arbitrary application on JBoss deployments that expose the EJBInvokerServlet or JMXInvokerServlet.
0 Talkback[s] (click to add your comment)