- CVEs with nessus.description==The version of JBoss Enterprise Application Platform (EAP) running on
the remote host allows unauthenticated access to documents under the
/jmx-console directory. This is due to a misconfiguration in web.xml
which only requires authentication for GET and POST requests.
Specifying a different verb such as HEAD, DELETE, or PUT causes the
default GET handler to be used without authentication.
A remote, unauthenticated attacker could exploit this by deploying a
malicious .war file, resulting in arbitrary code execution.
This version of JBoss EAP likely has other vulnerabilities (refer to
Nessus plugins 33869 and 46181)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |