Vulnerability Details : CVE-2007-1036

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
Published 2007-02-21 11:28:00
Updated 2018-10-16 16:36:27
Source MITRE
View at NVD,
At least one public exploit which can be used to exploit this vulnerability exists!

Exploit prediction scoring system (EPSS) score for CVE-2007-1036

Probability of exploitation activity in the next 30 days: 97.09%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2007-1036

  • JBoss DeploymentFileRepository WAR Deployment (via JMXInvokerServlet)
    Disclosure Date : 2007-02-20
    This module can be used to execute a payload on JBoss servers that have an exposed HTTPAdaptor's JMX Invoker exposed on the "JMXInvokerServlet". By invoking the methods provided by jboss.admin:DeploymentFileRepository a stager is deployed to finally upload the selected payload to the target. The DeploymentFileRepository methods are only available on Jboss 4.x and 5.x. Authors: - Patrick Hof - Jens Liebchen - h0ng10
  • JBoss JMX Console Deployer Upload and Execute
    Disclosure Date : 2007-02-20
    This module can be used to execute a payload on JBoss servers that have an exposed "jmx-console" application. The payload is put on the server by using the jboss.system:MainDeployer functionality. To accomplish this, a temporary HTTP server is created to serve a WAR archive containing our payload. This method will only work if the target server allows outbound connections to us. Authors: - jduck <[email protected]> - Patrick Hof - h0ng10

CVSS scores for CVE-2007-1036

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source
[email protected]

CWE ids for CVE-2007-1036

Vendor statements for CVE-2007-1036

This web site uses cookies for managing your session and website analytics (Google analytics) purposes as described in our privacy policy.
By using this web site you are agreeing to terms of use!