We are getting the following jboss vulnerabilities reported on teh HP-Synchronizer Server. Is there a fix/upgrade to resolve these issues?
| ♥ 0 |
we are getting the following jboss vulnerabilities. Is there a fix/upgrade to resolve these issues? The ‘EBJInvokerServlet’ and ‘JMXInvokerServlet’ servlets hosted on the web server on the remote host are accessible to unauthenticated users. The remote host is, therefore, affected by the following vulnerabilities: – A security bypass vulnerability exists due to improper restriction of access to the console and web management interfaces. An unauthenticated, remote attacker can exploit this, via direct requests, to bypass authentication and gain administrative access. – A remote code execution vulnerability exists due to the JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets not properly restricting access to profiles. An unauthenticated, remote attacker can exploit this to bypass authentication and invoke MBean methods, resulting in the execution of arbitrary code. – A remote code execution vulnerability exists in the EJBInvokerServlet and JMXInvokerServlet servlets due to the ability to post a marshalled object. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to install arbitrary applications. Note that this issue is known to affect McAfee Web Reporter versions prior to or equal to version 5.2.1 as well as Symantec Workspace Streaming version 7.5.0.493 and possibly earlier.
Marked as spam
|
Posted by |
Private answer
Starting with ALMQC11.52, HP changed from JBOSS (which has the vunerability) to JETTY (which does not). There may be some generic JBOSS-related solution on internet, but there is nothing official from HP. Disabling the servlets should correct the issue: DISBABLED SERVLETS: Marked as spam
 Posted by pt-barnum (Questions: 4, Answers: 509) Answered on April 25, 2016 3:12 pm
|