Vigil@nce: JBoss AS, Cross Site Request Forgery of JMX Console

June 2010 by Vigil@nce

This bulletin was written by Vigil@nce: http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

When the administrator is logged in to the JMX Console of JBoss AS,
an attacker can get him to display a malicious web page, in
order to automatically deploy a WAR file via the
DeploymentFileRepository MBean.

 Severity: 2/4
 Creation date: 16/06/2010

DESCRIPTION OF THE VULNERABILITY

The JMX Console of JBoss Application Server is used to administer
the site.

The DeploymentFileRepository MBean is used to easily deploy a WAR
application on the site.

The page http://server:8080/jmxconsole/HtmlAdaptor can directly
call DeploymentFileRepository, without confirmation, in order to
deploy a malicious application.

When the administrator is logged in to the JMX Console of JBoss AS,
an attacker can therefore get him to display a malicious web
page containing an image whose source points to HtmlAdaptor, in
order to automatically deploy a WAR file via the
DeploymentFileRepository MBean.
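
A log check for the request pattern described above, as an added example that is not part of the Vigil@nce bulletin: it flags HtmlAdaptor requests naming DeploymentFileRepository whose Referer is missing or points outside the console. The combined log format, the console origin server:8080, the sample lines and their "mbean=" query parameter are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumptions (not from the bulletin): combined log format, and the console
# is legitimately reached only through the origins listed here.
CONSOLE_ORIGINS = {"server:8080"}
ADAPTOR_PATH = "/jmxconsole/HtmlAdaptor"  # path as written in the bulletin
MBEAN = "deploymentfilerepository"

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def classify(line):
    """Return an alert dict for a suspicious HtmlAdaptor call, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    target = urlsplit(m["target"])
    if target.path.rstrip("/").lower() != ADAPTOR_PATH.lower():
        return None
    # Access logs hold only the query string, so this sees GET-style calls
    # such as the image-triggered request the bulletin describes.
    if MBEAN not in unquote(target.query).lower():
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        reason = "no-referer"
    elif urlsplit(referer).netloc.lower() not in CONSOLE_ORIGINS:
        reason = "cross-site-referer"
    else:
        return None  # request came from a page of the console itself
    return {"ts": m["ts"], "user": m["user"], "status": int(m["status"]),
            "referer": referer, "reason": reason}

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines; "mbean=" is a placeholder query, not a real call.
_REQ = '"GET /jmxconsole/HtmlAdaptor?mbean=DeploymentFileRepository HTTP/1.1"'
SAMPLE = [
    f'10.0.0.5 - admin [16/Jun/2010:10:01:02 +0200] {_REQ} 200 512 "http://server:8080/jmxconsole/" "Mozilla/5.0"',
    f'10.0.0.5 - admin [16/Jun/2010:10:07:41 +0200] {_REQ} 200 512 "http://forum.example/thread/42" "Mozilla/5.0"',
    f'10.0.0.5 - admin [16/Jun/2010:10:09:13 +0200] {_REQ} 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [16/Jun/2010:10:10:00 +0200] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]
```

A missing Referer can also come from privacy settings or a bookmarked link, so "no-referer" hits deserve a lower priority than "cross-site-referer" ones.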

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/JBoss-AS-Cross-Site-Request-Forgery-of-JMX-Console-9711

