This content has been marked as final.
Show 4 replies
-
1. Re: JBoss EJBInvokerServlet is Accessible to Unauthenticated Remote Users
dlbarron28 Jul 26, 2012 10:37 AM (in response to dlbarron28)Plenty of people are looking at my question so this must be a question that has come up in the past. Does no one have a suggestion?
-
2. Re: JBoss EJBInvokerServlet is Accessible to Unauthenticated Remote Users
dlbarron28 Jul 30, 2012 10:52 AM (in response to dlbarron28)I have found one suggestion on the web to comment out the vulnerable servlets in the deploy/http-invoker.sar/invoker.war/WEB-INF/web.xml.
I have tried this on one server and it does not seem to cause a problem. Is doing this going to cause more problems than it solves?
-
3. Re: JBoss EJBInvokerServlet is Accessible to Unauthenticated Remote Users
foreigner Nov 22, 2012 5:08 AM (in response to dlbarron28)Hi David, did commenting these servlets in the corresponding web.xml help?
I have tried to do the same thing but qualys is still finding this security vulnerability. -
4. Re: JBoss EJBInvokerServlet is Accessible to Unauthenticated Remote Users
pdmn Apr 15, 2013 5:29 PM (in response to dlbarron28)Hi David,
Have you found a reasonable solution to overcome this vulnerability.
Please share if you have found one.