In association with heise online

27 November 2006, 19:43

Symantec finds vulnerability in JBoss Application Server


Red Hat has warned in a security advisory of a bug in the JBoss Application Server. According to the advisory, Symantec informed Red Hat of a critical flaw in the DeploymentFileRepository class of the Java software, which Red Hat has now fixed by releasing a new version. The flaw could be exploited by an attacker to read and write files with the rights of the JBoss user, which in turn could be used to execute programs with those same, non-system privileges. Administrators can reduce the risk by password-protecting access to the management (JMX) console on port 8080, as described in the JBoss documentation but not set up by default.
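
As an added example (it is not part of this article, and not code from JBoss, Red Hat or Symantec), the following Python script checks whether a JBoss AS 4.x jmx-console deployment actually has the documented protection in place: a security-constraint covering the whole console in WEB-INF/web.xml, a login-config, a JAAS security-domain in WEB-INF/jboss-web.xml, and a jmx-console-users.properties that no longer carries the shipped admin=admin entry. The file layout named in the comments is the stock JBoss AS 4 layout; the sample XML and properties content are constructed here to mirror the as-shipped and hardened configurations, and the script does not touch a live server.

```python
# Added example (not from the article, JBoss or Red Hat): audit a JBoss AS 4.x
# jmx-console.war for the password protection the JBoss documentation describes.
# Assumed layout: server/<config>/deploy/jmx-console.war/WEB-INF/{web.xml,jboss-web.xml}
# and server/<config>/conf/props/jmx-console-users.properties.
import xml.etree.ElementTree as ET

# The security-constraint and login-config as JBoss AS 4 ships them, i.e.
# present in web.xml but commented out, which leaves the console anonymous.
CONSTRAINT_BLOCK = """
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>JBossAdmin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>JBoss JMX Console</realm-name>
  </login-config>
"""


def sample_web_xml(protected):
    """Constructed WEB-INF/web.xml: as shipped (block commented out) or hardened."""
    block = CONSTRAINT_BLOCK if protected else "<!--" + CONSTRAINT_BLOCK + "-->"
    return ("<web-app>\n"
            "  <servlet><servlet-name>HtmlAdaptor</servlet-name>"
            "<servlet-class>org.jboss.jmx.adaptor.html.HtmlAdaptorServlet</servlet-class></servlet>\n"
            "  <servlet-mapping><servlet-name>HtmlAdaptor</servlet-name>"
            "<url-pattern>/HtmlAdaptor</url-pattern></servlet-mapping>\n"
            + block + "</web-app>\n")


def sample_jboss_web_xml(protected):
    """Constructed WEB-INF/jboss-web.xml: the security-domain is commented out as shipped."""
    domain = "<security-domain>java:/jaas/jmx-console</security-domain>"
    if not protected:
        domain = "<!-- " + domain + " -->"
    return "<jboss-web>\n  " + domain + "\n</jboss-web>\n"


# Constructed contents of jmx-console-users.properties: shipped default vs. rotated.
SHIPPED_USERS = "# A sample users.properties file for use with the UsersRolesLoginModule\nadmin=admin\n"
ROTATED_USERS = "admin=L0ng-r4nd0m-passphrase\n"


def local_name(tag):
    """Drop any namespace so web-app 2.3 (no xmlns) and 2.4 (xmlns) both match."""
    return tag.rsplit("}", 1)[-1]


def texts(root, name):
    """Non-empty text of every descendant (root included) named `name`."""
    return [e.text.strip() for e in root.iter()
            if local_name(e.tag) == name and e.text and e.text.strip()]


def parse_users(properties):
    """user=password lines of a UsersRolesLoginModule properties file."""
    creds = {}
    for line in properties.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            user, _, password = line.partition("=")
            creds[user.strip()] = password.strip()
    return creds


def audit_jmx_console(web_xml, jboss_web_xml, users_properties):
    """Return the individual findings plus an overall 'protected' verdict."""
    web = ET.fromstring(web_xml)              # ElementTree drops XML comments, so
    jboss_web = ET.fromstring(jboss_web_xml)  # commented-out config is invisible here
    # 1. A constraint must cover the whole console and demand a role; an
    #    auth-constraint with no role would deny everyone instead.
    constrained = any(
        "/*" in texts(sc, "url-pattern") and texts(sc, "role-name")
        for sc in web.iter() if local_name(sc.tag) == "security-constraint")
    # 2. Without a login-config the container has no way to challenge.
    auth_methods = texts(web, "auth-method")
    # 3. Without a security-domain the constraint has no user store behind it.
    domains = texts(jboss_web, "security-domain")
    # 4. Password protection with the shipped admin=admin is no protection.
    creds = parse_users(users_properties)
    default_creds = any(pw in ("", user) for user, pw in creds.items())
    findings = {
        "url_pattern_constraint": constrained,
        "auth_method": auth_methods[0] if auth_methods else None,
        "security_domain": domains[0] if domains else None,
        "default_credentials": default_creds,
    }
    findings["protected"] = (constrained and findings["auth_method"] is not None
                             and findings["security_domain"] is not None
                             and not default_creds)
    return findings


if __name__ == "__main__":
    for label, prot, users in (("as shipped", False, SHIPPED_USERS),
                               ("hardened", True, ROTATED_USERS)):
        print(label, audit_jmx_console(sample_web_xml(prot),
                                       sample_jboss_web_xml(prot), users))
```

Two caveats when reading the result: the documented login-config uses BASIC authentication, so on the plain-HTTP port 8080 the credentials cross the wire in cleartext, and the role named in the constraint still has to be mapped to the user in jmx-console-roles.properties. Locking the console down reduces exposure to anonymous attackers; it is not a substitute for installing Red Hat's updated version.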

Red Hat has not provided any further details, and there has so far been no direct statement from Symantec. An updated version is not yet available from the JBoss website; an advisory there merely states that all JBoss AS versions from 3.2.4 to 4.0.5 are affected and links to the bug database.
