Red Hat has become aware of a worm currently affecting unpatched or unsecured servers running JBoss Application Server and products based on it. The worm propagates by connecting to unprotected JMX consoles and then using the JMX console's ability to execute arbitrary code in the context of the JBoss user.


The worm affects users of JBoss Application Server who have not correctly secured their JMX consoles, as well as users of older, unpatched versions of JBoss enterprise products. An update to JBoss enterprise products was released in April 2010 to correct the flaw, CVE-2010-0738.
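As an added example (not Red Hat's code and not part of the original notice), this check audits a JMX console `web.xml` for the two exposures above: no active `security-constraint`, or a constraint limited to listed HTTP methods, which is the condition CVE-2010-0738 concerns. It assumes the console is deployed as a standard servlet web application; the sample descriptors, URL pattern and role name are constructed.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Drop any XML namespace so DTD-based and schema-based descriptors both match."""
    return tag.rsplit("}", 1)[-1]

def audit_web_xml(xml_text):
    """Return a list of findings for a web.xml; an empty list means none were found."""
    # The parser discards XML comments, so a commented-out constraint counts as absent.
    root = ET.fromstring(xml_text)
    constraints = [e for e in root.iter() if _local(e.tag) == "security-constraint"]
    if not constraints:
        return ["no active security-constraint: requests are not authenticated"]
    findings = []
    for c in constraints:
        tags = [_local(e.tag) for e in c.iter()]
        methods = [(e.text or "").strip() for e in c.iter()
                   if _local(e.tag) == "http-method"]
        if methods:
            # Per the servlet spec, listing methods leaves all other methods unconstrained.
            findings.append("http-method list %s: other methods are not covered" % methods)
        if "auth-constraint" not in tags:
            findings.append("security-constraint has no auth-constraint: no role required")
    return findings

# Constructed sample descriptors (assumed layout, not copied from any product).
_CONSTRAINT = """<security-constraint>
    <web-resource-collection>
      <web-resource-name>Console</web-resource-name>
      <url-pattern>/*</url-pattern>%s
    </web-resource-collection>
    <auth-constraint><role-name>SampleAdminRole</role-name></auth-constraint>
  </security-constraint>"""
_METHODS = "<http-method>GET</http-method><http-method>POST</http-method>"

UNSECURED = "<web-app><!-- %s --></web-app>" % (_CONSTRAINT % "")
PARTIAL = "<web-app>%s</web-app>" % (_CONSTRAINT % _METHODS)
SECURED = "<web-app>%s</web-app>" % (_CONSTRAINT % "")

if __name__ == "__main__":
    for name, doc in (("unsecured", UNSECURED), ("partial", PARTIAL), ("secured", SECURED)):
        print(name, audit_web_xml(doc) or "no findings")
```

The check covers only the deployment descriptor; the matching security domain and user store still have to be configured for the constraint to take effect.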


Instructions for securing the JMX console are available here: