[jboss-jira] [JBoss JIRA] Created: (JBAS-8954) jmx-console vulnerability
Jivko Sabev (JIRA)
jira-events at lists.jboss.org
Tue Mar 15 16:28:46 EDT 2011
jmx-console vulnerability
-------------------------
Key: JBAS-8954
URL: https://issues.jboss.org/browse/JBAS-8954
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: JMX/Web Console
Affects Versions: JBossAS-5.1.0.GA
Environment: verified on linux 2.6.32/AMD64 but should be applicable to all environments
Reporter: Jivko Sabev
Assignee: Darran Lofthouse
It is possible to deploy applications directly from jmx-console despite jmx-console being secured by username/password as described in "Securing JBoss Installations". I have noticed multiple unauthorized wars being deployed on my jboss 5.1 application server.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list