I am running JBoss on Windows XP and found in the logs that someone has deployed a web app to JBoss which enables him to open a socket to my machine.
I don't understand how he could upload such a WAR file to the deployment directory of JBoss.
Any ideas, please?
The attacker may have exploited the JMX console default configuration vulnerability (JBoss JIRA JBAS-8954). It is a well-known vulnerability, so you should be able to find the remedy.
- http://www.articlesbase.com/security-articles/exploitation-and-remediation-of-jboss-application-server-default-configuration-vulnerability-1889469.html
- http://goohackle.com/jboss-security-vulnerability-jmx-management-console/
AFAIR up to JBoss v4 you could just copy WARs to the deploy directory and let JBoss autodeploy them. Could it be that somebody was able to copy a file there, perhaps over a network share?
Next, it was possible to deploy web applications using the JBoss Management Console - this is accessible over the network; is it open on your machine? Did you change the default user/password?
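A configuration check for the default-configuration issue the answers above point to, as an added example that is not part of the original answers or of JBoss's own tooling. It assumes the JBoss 4.x layout, where the console's login requirement lives in `jmx-console.war/WEB-INF/web.xml` and `jboss-web.xml` (shipped commented out) and accounts live in a name=password properties file; the function names and sample file contents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def active_elements(xml_text, name):
    """Elements named `name` that are live XML. The parser drops comments,
    so a commented-out block counts as absent; namespaces are ignored."""
    root = ET.fromstring(xml_text)
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def weak_accounts(props_text):
    """Users in a name=password properties file whose password equals the name."""
    weak = []
    for line in props_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            user, _, password = line.partition("=")
            if user.strip() == password.strip():
                weak.append(user.strip())
    return weak

def audit(web_xml, jboss_web_xml, users_props):
    """Return findings for the three console config files (assumed JBoss 4.x layout)."""
    findings = []
    if not active_elements(web_xml, "security-constraint"):
        findings.append("web.xml: <security-constraint> missing or commented out")
    elif not active_elements(web_xml, "auth-constraint"):
        findings.append("web.xml: constraint present but names no required role")
    if not active_elements(jboss_web_xml, "security-domain"):
        findings.append("jboss-web.xml: <security-domain> missing or commented out")
    for user in weak_accounts(users_props):
        findings.append("users file: account '%s' uses its own name as password" % user)
    return findings

# Constructed sample inputs modelled on an unhardened default install.
SAMPLE_WEB_XML = """<web-app>
  <!--
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>
  -->
</web-app>"""
SAMPLE_JBOSS_WEB_XML = "<jboss-web><!-- <security-domain>java:/jaas/jmx-console</security-domain> --></jboss-web>"
SAMPLE_USERS = "# constructed sample\nadmin=admin\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_WEB_XML, SAMPLE_JBOSS_WEB_XML, SAMPLE_USERS):
        print(finding)
```

Run it against the real files from the server's deploy directory; an empty result only means the console demands a login, so the deploy directory's share permissions still need a separate look.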