APP: RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass

This signature detects attempts to exploit a known authentication bypass vulnerability in the Red Hat JBoss Enterprise Application Platform JMX Console. The console's security constraint enforces authentication only for the GET and POST methods, so a request that uses any other HTTP verb (HEAD, for example) reaches the console handlers without being authenticated. Unauthenticated remote attackers can exploit this to gain administrative access to the JBoss JMX management console and to upload and execute arbitrary Java code in the security context of the JBoss server process, normally SYSTEM on Windows platforms.
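The following is an added example, not Juniper signature logic and not Red Hat or JBoss code. It shows the deployment-descriptor pattern behind the bypass and a check for it: a `<security-constraint>` whose `<web-resource-collection>` enumerates `GET` and `POST` in `<http-method>` elements protects only those two verbs, while the same constraint with no `<http-method>` elements covers every verb. The two `web.xml` fragments are constructed to mirror that pattern (role name, resource name and patterns are assumptions), and the function names `unprotected_verbs`, `is_verb_tampering_vulnerable` and `suspicious_request` are mine. The last function mirrors the idea behind a network signature for this bypass (a non-GET/POST request aimed at the console path), not the actual rule.

```python
"""Audit a Servlet web.xml for the HTTP-verb-tampering authentication bypass
and flag request lines that attempt it. Added example; the descriptors below
are constructed, not copied from any product."""
import xml.etree.ElementTree as ET

VERBS = ("GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE")

# Constructed weak descriptor: only GET and POST are placed under the constraint.
VULNERABLE_WEB_XML = """<?xml version="1.0"?>
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>JBossAdmin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>JBoss JMX Console</realm-name>
  </login-config>
</web-app>
"""

# Constructed hardened descriptor: with no <http-method> elements the Servlet
# spec applies the constraint to every verb, so HEAD, PUT, etc. need auth too.
FIXED_WEB_XML = VULNERABLE_WEB_XML.replace(
    "      <http-method>GET</http-method>\n"
    "      <http-method>POST</http-method>\n", "")


def _pattern_matches(pattern, path):
    """Servlet url-pattern matching: default/all, path prefix (/x/*), extension (*.ext), exact."""
    if pattern in ("/", "/*"):
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern


def unprotected_verbs(web_xml, path):
    """Return the verbs (from VERBS) that reach `path` without any auth-constraint."""
    root = ET.fromstring(web_xml)
    protected = set()
    for sc in root.findall("security-constraint"):
        # A constraint with no <auth-constraint> grants access; an empty
        # <auth-constraint/> denies everyone, which still counts as protected.
        if sc.find("auth-constraint") is None:
            continue
        for wrc in sc.findall("web-resource-collection"):
            patterns = [p.text.strip() for p in wrc.findall("url-pattern")]
            if not any(_pattern_matches(p, path) for p in patterns):
                continue
            methods = [m.text.strip().upper() for m in wrc.findall("http-method")]
            # No <http-method> child means the collection covers all methods.
            protected.update(methods if methods else VERBS)
    return sorted(set(VERBS) - protected)


def is_verb_tampering_vulnerable(web_xml, path):
    """True if at least one verb can reach `path` unauthenticated."""
    return bool(unprotected_verbs(web_xml, path))


def suspicious_request(request_line, console_prefix="/jmx-console/"):
    """Flag a request line that aims a verb other than GET/POST at the console path.
    This is the shape of a detection for the bypass, not Juniper's signature."""
    try:
        method, target, _version = request_line.split()
    except ValueError:
        return False
    return target.startswith(console_prefix) and method.upper() not in ("GET", "POST")


if __name__ == "__main__":
    for label, xml in (("vulnerable", VULNERABLE_WEB_XML), ("fixed", FIXED_WEB_XML)):
        print(label, "unprotected verbs:", unprotected_verbs(xml, "/HtmlAdaptor"))
    # Constructed request lines, one attempted bypass and two benign requests.
    for line in ("HEAD /jmx-console/HtmlAdaptor?action=inspectMBean HTTP/1.1",
                 "GET /jmx-console/HtmlAdaptor HTTP/1.1",
                 "HEAD /index.html HTTP/1.1"):
        print(suspicious_request(line), line)
```

The descriptor-level fix is to remove the `<http-method>` elements so the constraint applies to every verb; on Servlet 3.1 and later containers `<deny-uncovered-http-methods/>` rejects any verb a constraint leaves uncovered, but JBoss EAP 4.x predates that element, so the descriptor itself has to cover all methods.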

Extended Description

JBoss Enterprise Application Platform is prone to multiple vulnerabilities, including an information-disclosure issue and multiple authentication-bypass issues. An attacker can exploit these issues to bypass certain security restrictions to obtain sensitive information or gain unauthorized access to the application.

Affected Products

Red_hat jboss_enterprise_application_platform

Short Name
APP:JBOSS-JMX-AUTH-BYPASS
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Application Authentication Bypass CVE-2007-1036 CVE-2010-0738 CVE-2014-7883 Console Enterprise JBoss JMX Platform RedHat bid:39710 bid:72432
Release Date
09/28/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Red_hat

Hp

CVSS Score

7.5

5.0
