[keycloak-user] Jboss vulnerability

Juraci Paixão Kröhling juraci at kroehling.de
Tue Apr 19 08:45:47 EDT 2016


No. From the same link you sent:

"The vulnerability is more than six years old and Red Hat patched the 
flaw back in 2010."

I read somewhere else that this affected JBoss AS up to 6.x. Keycloak is 
deployed on a recent version of WildFly, so, no, Keycloak is not affected.

- Juca.

On 19.04.2016 14:33, Ben Bazian wrote:
> Is Keycloak 1.8 susceptible to this vulnerability?
>
> Cisco Talos has identified millions of vulnerable JBoss servers that can
> potentially be infected with SamSam ransomware
>
> Attackers used a JBoss-specific exploit called JexBoss -- a JBoss
> verification and exploitation tool -- to compromise vulnerable servers
> and then install webshells and backdoors for remote access. Cisco Talos
> researchers found that compromised JBoss servers typically have more
> than one webshell installed, suggesting that the systems have been
> repeatedly compromised by different actors.  The list of webshells
> includes mela, shellinvoker, jbossinvoker, zecmd, cmd, genesis, sh3ll, and jbot.
>
> http://www.infoworld.com/article/3058254/security/patch-jboss-now-to-prevent-samsam-ransomware-attacks.html
>
> __________________________
>
> *BEN BAZIAN*
>
> *Director, Information Systems*
>
> MBO Partners
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
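A check a reader of this thread might want, added here as an example and not taken from the thread, from Keycloak, or from Cisco Talos: a POSIX shell function that walks a JBoss/WildFly deployment tree and reports any WAR, JSP or class file whose base name matches one of the webshells named above (mela, shellinvoker, jbossinvoker, zecmd, cmd, genesis, sh3ll, jbot). The directory layouts mentioned in the comments (standalone/deployments for JBoss AS 7+/WildFly, server/<profile>/deploy for JBoss AS 4-6) are assumptions, and the sample tree the second function builds is constructed for a dry run.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread. Looks for deployments
# whose names match the webshells Cisco Talos listed. Layout assumptions:
# JBoss AS 7+/WildFly keep deployments under standalone/deployments,
# JBoss AS 4-6 under server/<profile>/deploy; point find_webshells at either.

WEBSHELL_NAMES="mela shellinvoker jbossinvoker zecmd cmd genesis sh3ll jbot"

# find_webshells DIR: print one line per file or exploded directory under DIR
# whose name, minus its .war/.jsp/.class extension, is in WEBSHELL_NAMES.
# This is a name-based triage check only; a renamed webshell will not match.
find_webshells() {
    dir=$1
    find "$dir" \( -name '*.war' -o -name '*.jsp' -o -name '*.class' \) 2>/dev/null |
    while read -r path; do
        base=$(basename "$path")
        stem=${base%.*}
        for name in $WEBSHELL_NAMES; do
            if [ "$stem" = "$name" ]; then
                echo "$path"
                break
            fi
        done
    done
}

# make_sample_deployments: build a constructed deployment tree (assumed
# WildFly-style layout) containing one legitimate WAR, one exploded webshell
# WAR and one packaged webshell WAR, and print its path.
make_sample_deployments() {
    d=$(mktemp -d)
    mkdir -p "$d/standalone/deployments/zecmd.war" \
             "$d/standalone/deployments/keycloak-server.war/WEB-INF"
    : > "$d/standalone/deployments/zecmd.war/zecmd.jsp"
    : > "$d/standalone/deployments/keycloak-server.war/index.jsp"
    : > "$d/standalone/deployments/jbossinvoker.war"
    echo "$d"
}

# Dry run against the constructed tree; on a real host pass the server root.
find_webshells "$(make_sample_deployments)"
```

Because the match is on the deployment name only, treat a hit as a reason to inspect the file, and treat no hits as inconclusive: the webshell list above is what Talos observed, not everything an attacker could have dropped.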