Threat Advisory: A JBoss AS Exploit, Web Shell Code Injection

This is a public service announcement for those customers using JBoss without hardening their applications.

QUOTE from the original article:

“…Recently, Imperva’s ADC had detected a surge in the exploitation of web servers powered by the JBoss AS, probably as a result of the public disclosure of an exploit code that abuses this vulnerability… The vulnerability allows an attacker to abuse the management interface of the JBoss AS in order to deploy additional functionality into the web server. Once the attackers deploy that additional functionality, they gain full control over the exploited JBoss infrastructure, and therefore the site powered by that Application Server… While the vulnerability is not new by itself and has been known for at least two years, it is amazing to realize that during these years the attack surface had not decayed, but in fact had grown in terms of the number of vulnerable web applications… The number of servers exposing their JBoss management interfaces had more than tripled (7,000 to 23,000) since the vulnerability was presented in 2011…”

Recommendations and Mitigation

  • JBoss users should harden their web application according to JBoss manual.
  • Imperva’s customers have been updated with a signature to prevent unwanted access to the vulnerable JBoss AS servlet via our regular content updates.
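The advisory above boils down to one exposure: the JBoss AS management/invoker servlets reachable from the Internet. A quick way to check whether your own servers are in that position is to look for requests to those endpoints in the web access log. The script below is an added example written for this post, not Imperva's signature or JBoss project code; the URL prefixes are the well-known JBoss AS 4/5 management endpoints, and the log lines, addresses and timestamps are constructed samples. It parses combined-format access log lines, flags every hit on a management path, and reports which of those came from outside the networks you trust.

```python
"""Find requests to JBoss AS management endpoints in a web access log.

Added example for the advisory above (not Imperva's or JBoss's code).
The endpoint prefixes are the standard JBoss AS 4/5 management URLs;
the sample log lines are constructed for this illustration.
"""
import ipaddress
import re
from collections import Counter

# Well-known JBoss AS management/invoker URL prefixes. A request to any of
# these from the public Internet is something to investigate.
MANAGEMENT_PREFIXES = (
    "/jmx-console",
    "/web-console",
    "/invoker/",
    "/admin-console",
)

# Minimal Apache/NGINX combined-log pattern: client IP, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log (hypothetical addresses and timestamps).
SAMPLE_LOG = """\
10.0.0.5 - - [23/Oct/2013:10:01:02 +0000] "GET /myapp/index.jsp HTTP/1.1" 200 512
203.0.113.7 - - [23/Oct/2013:10:01:05 +0000] "GET /jmx-console/HtmlAdaptor HTTP/1.1" 200 4123
203.0.113.7 - - [23/Oct/2013:10:01:09 +0000] "POST /invoker/JMXInvokerServlet HTTP/1.1" 200 88
198.51.100.3 - - [23/Oct/2013:10:02:11 +0000] "HEAD /jmx-console/HtmlAdaptor HTTP/1.1" 200 0
192.168.1.20 - - [23/Oct/2013:10:03:00 +0000] "GET /jmx-console/ HTTP/1.1" 200 3000
"""

# Networks from which administrative access is expected (assumption: RFC 1918 space).
DEFAULT_TRUSTED = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def parse_line(line):
    """Return a dict with ip/method/path/status, or None if the line does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_management_path(path):
    """True if the request path targets a JBoss management/invoker endpoint."""
    return any(path.startswith(prefix) for prefix in MANAGEMENT_PREFIXES)


def find_management_access(log_text, trusted_networks=DEFAULT_TRUSTED):
    """Return one finding per request that hit a management endpoint."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_management_path(rec["path"]):
            continue
        try:
            addr = ipaddress.ip_address(rec["ip"])
        except ValueError:
            continue  # unparseable client address; skip rather than guess
        findings.append({
            "ip": rec["ip"],
            "method": rec["method"],
            "path": rec["path"],
            "status": int(rec["status"]),
            "trusted_source": any(addr in net for net in nets),
        })
    return findings


def summarize(findings):
    """Count management-endpoint hits per untrusted source address."""
    counts = Counter()
    for f in findings:
        if not f["trusted_source"]:
            counts[f["ip"]] += 1
    return counts


if __name__ == "__main__":
    hits = find_management_access(SAMPLE_LOG)
    for f in hits:
        flag = "ok   " if f["trusted_source"] else "ALERT"
        print(f"{flag} {f['ip']:15} {f['method']:5} {f['path']} -> {f['status']}")
    print("untrusted sources:", dict(summarize(hits)))
```

Any "ALERT" line with a 2xx status means the management interface answered an outside client, which is exactly the condition the advisory describes; the fix is the one the post recommends (lock down or remove the consoles and invoker per the JBoss hardening guide), and the script is only a way to confirm whether you are affected.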


Read the full article here.

Categories: News


2 replies

  1. Very old *community* versions of the JBoss application server. The fix has been out for a long time and is easy for people to apply. People see it is a scare article, plain and simple.


    • This was *meant* as a scare article *for those who still use non-secure configurations*. As you can see – there are 21,000 of those. Security issues can be found in any software – even WebSphere, but people need to follow best practices and the latest security advisories so as to avoid and defend against attacks. This is not to say that there are WebSphere customers who do not follow security guidelines, but I have not seen a WebSphere vulnerability being so permanently in the press. Have you?

