Update Protection against RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass Vulnerability
| Check Point Reference: | CPAI-2010-435 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA39563 | |
| Industry Reference(s): | CVE-2010-0738 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Red Hat JBoss Enterprise Application Platform Prior to 4.2.0.CP09 | ||
| Vulnerability Description An authentication bypass vulnerability has been reported in JBoss Enterprise Application Platform JMX Console application. JBoss Application Server (JBoss AS) is a free software and open-source Java EE-based application server. A remote attacker could use this issue to bypass the need to authenticate to access restricted resources. |
||
|
Update/Patch Available The vendor, RedHat, has released an advisory addressing this vulnerability. |
|
|
Vulnerability Details The vulnerability is due to the authentication policy within the application that only enforces restrictions for GET and POST methods, other HTTP request verbs bypass authentication. A remote attacker could exploit this issue to gain administrative access to JBoss JMX management console and to upload and execute arbitrary Java code within the security context of the JBoss server process, normally SYSTEM on Windows platforms. |
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.