3 Replies Latest reply on Apr 30, 2015 2:06 AM by jaysensharma

Jboss4.2.2- Malicious files under bin folder

amoskanakam Apr 29, 2015 5:53 AM

Hello everyone,

I am having a tough time in deleting and restarting our production servers very often because of the malicious files coming and piling under jboss/bin folder. (Please see the attached screenshot)

I have deleted jmx-console.war, jbossws.sar and bsh-deployer.xml files, but could not able to stop the files coming in.

Could someone tell me how these files are coming in? What is the solution for this.

Thank you.

jboss422-bin.png 14.0 KB

1. Re: Jboss4.2.2- Malicious files under bin folder

jaysensharma Apr 29, 2015 3:06 PM (in response to amoskanakam)

JBoss 4.2 is too old and outdated.

However it seems that you might be affected with the : https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0738

So check your "jmx-console.war/WEB-INF/web.xml" file... if you find any http-method then remove them. (first delete all the unwanted files which are created inside your jboss/bin and then fix the jmx-console.war)

SecureTheJmxConsole | JBoss Developer
Actions
2. Re: Jboss4.2.2- Malicious files under bin folder

amoskanakam Apr 30, 2015 2:00 AM (in response to jaysensharma)

Hi Jaykumar,

Thank you for responding to this issue.

I have removed jmx-console.war, jbossws.sar and bsh-deployer.xml files. Do I still need to do the cnofigurations mentioned by you?

Thank you.
Actions
3. Re: Jboss4.2.2- Malicious files under bin folder

jaysensharma Apr 30, 2015 2:06 AM (in response to amoskanakam)

No, If you have already removed them then it can not cause attacks. But you need to make sure that the malicious files, which got created earlier are deleted.
Actions

Go to original post