Family: CGI abuses --> Category: infos
JBoss Malformed HTTP Request Remote Information Disclosure Vulnerability Scan
Vulnerability Scan Summary: Attempts to read the security policy of a remote JBoss server
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by an information disclosure flaw.
Description :
The remote JBoss server is vulnerable to an information disclosure
flaw which may allow an attacker to retrieve the physical path of the
server installation, its security policy, or to guess its exact
version number. An attacker may use this flaw to gain more
information about the remote configuration.
See also :
http://marc.theaimsgroup.com/?l=bugtraq&m=111911095424496&w=2
http://www.securityfocus.com/advisories/10104
Solution :
Upgrade to JBoss 3.2.8 or 4.0.3. Alternatively, edit JBoss' 'jboss-service.xml'
configuration file, set 'DownloadServerClasses' to 'false', and
restart the server.
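One way to confirm the configuration workaround above is in place, as an added example that is not part of the original scan description: the script audits a 'jboss-service.xml' for the 'DownloadServerClasses' attribute. The sample XML is constructed, and its mbean layout is an assumption modelled on a typical JBoss service descriptor.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample; a real jboss-service.xml declares many more mbeans.
SAMPLE_CONFIG = """<server>
  <mbean code="org.jboss.web.WebService" name="jboss:service=WebService">
    <attribute name="Port">8083</attribute>
    <attribute name="DownloadServerClasses"> True </attribute>
  </mbean>
  <mbean code="org.jboss.naming.NamingService" name="jboss:service=Naming">
    <attribute name="Port">1099</attribute>
  </mbean>
</server>
"""

def audit_download_server_classes(xml_data):
    """Return (mbean_name, raw_value, compliant) for every mbean that sets
    DownloadServerClasses. Only an explicit 'false' counts as compliant."""
    findings = []
    root = ET.fromstring(xml_data)
    for mbean in root.iter("mbean"):
        for attr in mbean.findall("attribute"):
            if attr.get("name") != "DownloadServerClasses":
                continue
            value = (attr.text or "").strip()
            findings.append((mbean.get("name", "<unnamed>"), value,
                             value.lower() == "false"))
    return findings

def main(argv):
    # With a path argument, audit that file; otherwise audit the sample.
    if len(argv) > 1:
        with open(argv[1], "rb") as fh:  # bytes keep the declared encoding
            xml_data = fh.read()
    else:
        xml_data = SAMPLE_CONFIG
    findings = audit_download_server_classes(xml_data)
    if not findings:
        print("DownloadServerClasses is not set explicitly; review manually")
        return 2
    for name, value, ok in findings:
        print(f"{'OK  ' if ok else 'FAIL'} {name}: DownloadServerClasses={value!r}")
    return 0 if all(ok for _, _, ok in findings) else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The exit code is 0 when every occurrence is 'false', 1 when any is not, and 2 when the attribute is absent, so the check can gate a deployment step; the change only takes effect after the restart the solution calls for.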
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)