[keycloak-user] Jboss vulnerability

Bill Burke bburke at redhat.com
Tue Apr 19 09:05:45 EDT 2016


I find the timing of this article to be very weird.  As Juraci said, 
this was something that was patched more than 6 years ago.

On 4/19/2016 8:45 AM, Juraci Paixão Kröhling wrote:
> No. From the same link you sent:
>
> "The vulnerability is more than six years old and Red Hat patched the
> flaw back in 2010."
>
> I read somewhere else that this affected JBoss AS up to 6.x. Keycloak is
> deployed on a recent version of Wildfly, so, no, Keycloak is not affected.
>
> - Juca.
>
> On 19.04.2016 14:33, Ben Bazian wrote:
>> Is Keycloak 1.8 susceptible to this vulnerability?
>>
>> Cisco Talos has identified millions of vulnerable JBoss servers that can
>> potentially be infected with SamSam ransomware
>>
>> Attackers used a JBoss-specific exploit called JexBoss -- a Jboss
>> verification and exploitation tool -- to compromise vulnerable servers
>> and then install webshells and backdoors for remote access. Cisco Talos
>> researchers found that compromised JBoss servers typically have more
>> than one webshell installed, suggesting that the systems have been
>> repeatedly compromised by different actors.  The list of webshells
>> includes mela, shellinvoker, jbossinvoker, zecmd, cmd, genesis, sh3ll, and jbot.
>>
>> http://www.infoworld.com/article/3058254/security/patch-jboss-now-to-prevent-samsam-ransomware-attacks.html
>>
>> __________________________
>>
>> *BEN BAZIAN*
>>
>> *Director, Information Systems*
>>
>> MBO Partners
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com