JBoss sysadmins need to get busy hardening their systems, with a rising number of attacks against the system, according to Imperva. The attacks are based on an exploit that was published back in October by Andrea Micalizzi. The exploit code gave remote attackers arbitrary code execution access to HP's PCM Plus and Application …
This used to be just sloppy configuration but not these days
In the past this sort of thing would be down to sloppy configuration by a sysadmin, i.e. leaving the management interfaces exposed to the world, as there's no reason why everyone & his dog needs access to them, but then I've seen so many so-called cloud providers doing this without the option to lock it down, it's surprising these don't happen more often.
That said, I've known one person over the years who wanted to expose MS SQL Server to the world because 'it was easier'.
Old unsupported software has a security flaw? How surprising
(Disclaimer: I work for Red Hat)
The flaw isn't exploitable on the supported JBoss EAP releases since a second layer requires authentication. It isn't a flaw in AS 6 and 7, or EAP 6.
So in other words if you are running old unsupported versions of software and don't have security patches installed, then you might get affected by flaws from a year or two ago.