2 Replies Latest reply on Feb 27, 2007 1:12 PM by monkeyden

    FYI - JBoss AS vulnerability

    monkeyden

      JBoss AS shows up on the US-CERT (United States Computer Emergency Readiness Team). They make mention of the accessibility of the jmx-console for default installations.

      http://www.us-cert.gov/cas/bulletins/SB07-057.html

        • 1. Re: FYI - JBoss AS vulnerability
          peterj

          JBoss, as provided, is "developer friendly," which means that it is easy to start working with because it is wide open and has no security. Before releasing JBoss into production, you must take steps to secure it. In this light, it is good that the US-CERT report alerts companies to this fact.

          By the way, the JEMS installer gives the option of securing the various consoles as part of the installation.

          • 2. Re: FYI - JBoss AS vulnerability
            monkeyden

             

            JBoss, as provided, is "developer friendly"


            I agree. It's our job to prevent it from being "hacker friendly." Just figured this was worth a post here.
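
As a follow-up to the point in reply 1 about securing the consoles before production, here is an added example (not from any poster in this thread and not JBoss project code) of a pre-release check that a console web application's deployment descriptor actually enforces a login. It assumes access to the console is governed by a standard servlet `web.xml`; the element names come from the servlet specification, while the role name `ConsoleAdmin` and both sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Drop any XML namespace so DTD- and schema-style descriptors both match."""
    return tag.rsplit("}", 1)[-1]

def _find(elem, name):
    return [e for e in elem.iter() if _local(e.tag) == name]

def audit_descriptor(web_xml_text):
    """Return findings for one web.xml; an empty list means login is enforced."""
    root = ET.fromstring(web_xml_text)  # the parser discards XML comments
    findings, covers_all = [], False
    for sc in _find(root, "security-constraint"):
        if not _find(sc, "auth-constraint"):
            continue  # without auth-constraint the rule demands no login
        patterns = [(p.text or "").strip() for p in _find(sc, "url-pattern")]
        methods = [(m.text or "").strip() for m in _find(sc, "http-method")]
        if "/*" in patterns:
            covers_all = True
            if methods:  # listed methods are the only ones constrained
                findings.append("constraint on /* applies only to "
                                + ", ".join(methods))
    if not covers_all:
        findings.append("no active security-constraint requires login for /*")
    if not _find(root, "login-config"):
        findings.append("no login-config element")
    return findings

# Constructed sample: the access rule ships commented out ("wide open").
OPEN = """<web-app>
  <!-- Uncomment to restrict access to the console
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Console</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>ConsoleAdmin</role-name></auth-constraint>
  </security-constraint>
  -->
</web-app>"""

# Constructed sample: the same rule active, plus a login method.
SECURED = OPEN.replace("<!-- Uncomment to restrict access to the console", "") \
    .replace("-->", "<login-config><auth-method>BASIC</auth-method>"
                    "</login-config>")

if __name__ == "__main__":
    for name, doc in (("open", OPEN), ("secured", SECURED)):
        print(name, audit_descriptor(doc) or "OK")
```

The check covers the descriptor only; how the container binds the role to a user store is outside its scope and still needs to be reviewed separately.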