Jboss vulnerability Feb 20 2007 01:06PM
dexie tsn cc (4 replies)
Just fired this off to USCERT, not pretty.

---------------------------- Original Message ----------------------------
Subject: jboss vulnerability
From: dexie (at) tsn (dot) cc [email concealed]
Date: Tue, February 20, 2007 10:54 pm
To: "cert (at) cert (dot) org [email concealed]" <cert (at) cert (dot) org [email concealed]>
Cc: "soc (at) us-cert (dot) gov [email concealed]" <soc (at) us-cert (dot) gov [email concealed]>

Hi guys.

I am an IT Security analyst in Canberra, Australia.

I recently encountered an issue with jboss, which led me to do some Google


The search will pull up around 41500 results. Click on any of the links
and you will gain access to the backend app (ie start/stop services,
modify data,etc). I do not know if this will work in all cases, however I
would recommend a good deal of caution if you do follow any of the links.

Please let me know if you need any further info - I have nfi who to
actually contact as auscert has no vulnerability reporting option and this
is a first for me...

Ben Dexter.
+61 2 6207 0368

[ reply ]
Re: Jboss vulnerability (AUSCERT#2007d2feb) Feb 20 2007 11:48PM
AusCERT (auscert auscert org au)
Re: Jboss vulnerability Feb 20 2007 11:06PM
Javier Antunez (javier antunez gmail com)
Re: Jboss vulnerability Feb 20 2007 04:40PM
James Davis (jamesd cert ja net)
Re: Jboss vulnerability Feb 20 2007 04:30PM
Harry Hoffman (hhoffman ip-solutions net)


Privacy Statement
Copyright 2010, SecurityFocus