6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"$10"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","java",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L11",null,{"href":"/discussion/tag/java/1","children":"java"}]}],["$","span","security",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L11",null,{"href":"/discussion/tag/security/1","children":"security"}]}],["$","span","jakarta-ee",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L11",null,{"href":"/discussion/tag/jakarta-ee/1","children":"jakarta-ee"}]}],["$","span","jboss",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L11",null,{"href":"/discussion/tag/jboss/1","children":"jboss"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/GA1Hf.jpg?s=256","alt":"Mohamed Magdy","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/321114/mohamed-magdy","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Mohamed Magdy"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",551]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"JBoss security issue"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

i am ruuning jboos on windows xp , found in the logs some one has deployed web app to jboss which enables him to open socket to my machine.

\n\n

i don't understand how he could upload such WAR file to the deployment directory of jboss .

\n\n

any ideas please ?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",2]}],["$","p",null,{"children":["Views: ",772]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","5770415",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/eaa6ac6d752d827514c56c896651878c?s=256&d=identicon&r=PG","alt":"Tomasz Stanczak","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/693387/tomasz-stanczak","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Tomasz Stanczak"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",13164]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

AFAIR up to JBoss v4 you could just copy WARs to the deploy directory and let JBoss autodeploy them. Could it be that somebody were able to copy a file there perhaps over a network share?

\n\n

Next it was possible to deploy web applications using JBoss Management Console - this is accessible over the network, is it opened on your machine? Did you change default user/password?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}],["$","div","5770410",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/sIxs3.jpg?s=256","alt":"Jurri","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/719092/jurri","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Jurri"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",318]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

The attacker may have exploited JMX console default configuration vulnerability (JBoss JIRA JBAS-8954). It is a well known vulnerability, so you should be able to find the remedy.

\n\n

More on this issue:

\n\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","12668621",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/12668621","className":"text-blue-600 hover:underline","children":"JBOSS JMXInvokerServlet security access issue"}]}],["$","li","42457322",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/42457322","className":"text-blue-600 hover:underline","children":"Javaee Jboss j_security_check login always fails"}]}],["$","li","43063321",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/43063321","className":"text-blue-600 hover:underline","children":"JBoss AS 7.1.0 Final possible security issue"}]}],["$","li","35172966",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/35172966","className":"text-blue-600 hover:underline","children":"JBoss authentication issue"}]}],["$","li","33752798",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/33752798","className":"text-blue-600 hover:underline","children":"Issue With JSecurity Check"}]}],["$","li","10568432",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/10568432","className":"text-blue-600 hover:underline","children":"Java - Jboss deployment errors"}]}],["$","li","6122931",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/6122931","className":"text-blue-600 hover:underline","children":"JAAS web-security on jboss 5"}]}],["$","li","2703671",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/2703671","className":"text-blue-600 hover:underline","children":"j2ee: I have a problem regarding jboss server"}]}],["$","li","2110231",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/2110231","className":"text-blue-600 hover:underline","children":"Jboss Server Exception"}]}],["$","li","341585",{"className":"mb-2","children":["$","$L11",null,{"href":"/discussion/solution/341585","className":"text-blue-600 hover:underline","children":"Security in Java EE Application with JBoss"}]}]]}]]}]]}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}],["$","$L16",null,{}]]

JBoss security issue

Answers (2)

Related Questions