This content has been marked as final.
Show 3 replies
-
1. Re: Jboss4.2.2- Malicious files under bin folder
jaysensharma Apr 29, 2015 3:06 PM (in response to amoskanakam)JBoss 4.2 is too old and outdated.
However it seems that you might be affected with the : https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0738
So check your "jmx-console.war/WEB-INF/web.xml" file... if you find any http-method then remove them. (first delete all the unwanted files which are created inside your jboss/bin and then fix the jmx-console.war)
-
2. Re: Jboss4.2.2- Malicious files under bin folder
amoskanakam Apr 30, 2015 2:00 AM (in response to jaysensharma)Hi Jaykumar,
Thank you for responding to this issue.
I have removed jmx-console.war, jbossws.sar and bsh-deployer.xml files. Do I still need to do the cnofigurations mentioned by you?
Thank you.
-
3. Re: Jboss4.2.2- Malicious files under bin folder
jaysensharma Apr 30, 2015 2:06 AM (in response to amoskanakam)No, If you have already removed them then it can not cause attacks. But you need to make sure that the malicious files, which got created earlier are deleted.