Bugtraq mailing list archives
Jboss vulnerability
From: dexie () tsn cc
Date: 20 Feb 2007 13:06:24 -0000
Just fired this off to USCERT, not pretty. ---------------------------- Original Message ---------------------------- Subject: jboss vulnerability From: dexie () tsn cc Date: Tue, February 20, 2007 10:54 pm To: "cert () cert org" <cert () cert org> Cc: "soc () us-cert gov" <soc () us-cert gov> -------------------------------------------------------------------------- Hi guys. I am an IT Security analyst in Canberra, Australia. I recently encountered an issue with jboss, which led me to do some Google enumeration... http://www.google.com.au/search?q=inurl:inspectMBean The search will pull up around 41500 results. Click on any of the links and you will gain access to the backend app (ie start/stop services, modify data,etc). I do not know if this will work in all cases, however I would recommend a good deal of caution if you do follow any of the links. Please let me know if you need any further info - I have nfi who to actually contact as auscert has no vulnerability reporting option and this is a first for me... Regards, Ben Dexter. +61 2 6207 0368
Current thread:
- Jboss vulnerability dexie (Feb 20)
- Re: Jboss vulnerability James Davis (Feb 20)
- Re: Jboss vulnerability Harry Hoffman (Feb 20)
- Re: Jboss vulnerability Javier Antunez (Feb 20)
- Re: Jboss vulnerability (AUSCERT#2007d2feb) AusCERT (Feb 21)
- <Possible follow-ups>
- Re: Jboss vulnerability ben . dexter (Feb 20)