Vulnerability CVE-2007-1036

Vulnerability Name:

CVE-2007-1036 (CCN-32596)

Assigned:

2007-02-20

Published:

2007-02-20

Updated:

2018-10-16

Summary:

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

CVSS v3 Severity:

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:F/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: BugTraq Mailing List, Tue Feb 20 2007 - 07:06:24 CST
Jboss vulnerability

Source: CCN
Type: BugTraq Mailing List, Tue Feb 20 2007 - 10:30:35 CST
Re: Jboss vulnerability

Source: MITRE
Type: CNA
CVE-2007-1036

Source: OSVDB
Type: UNKNOWN
33744

Source: CCN
Type: Packetstorm Security Website
JBoss DeploymentFileRepository WAR Deployment

Source: CCN
Type: SECTRACK ID: 1017677
JBoss Default Configuration Lets Remote Users Gain Administrative Access

Source: MISC
Type: UNKNOWN
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss

Source: MISC
Type: UNKNOWN
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole

Source: CCN
Type: JBoss Web site
JBoss Application Server- A simply powerfule J2EE application server

Source: CCN
Type: US-CERT VU#632656
JBoss Application Server may not properly restrict access to the administrative interface

Source: CERT-VN
Type: US Government Resource
VU#632656

Source: CCN
Type: OSVDB ID: 33744
JBoss Console / Web Management Direct Request Authentication Bypass

Source: BUGTRAQ
Type: UNKNOWN
20070220 Jboss vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20070220 Re: Jboss vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20070220 Re: Jboss vulnerability

Source: SECTRACK
Type: UNKNOWN
1017677

Source: XF
Type: UNKNOWN
jboss-admin-unauth-access(32596)

Source: XF
Type: UNKNOWN
jboss-admin-unauth-access(32596)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [09-05-2012]

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [02-20-2007]
JBoss DeploymentFileRepository WAR Deployment (via JMXInvokerServlet)

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [02-20-2007]
JBoss JMX Console Deployer Upload and Execute

Vulnerable Configuration:

Configuration 1:

cpe:/a:jboss:jboss_application_server:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:jboss:jboss_application_server:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK