Vulnerability Apache Tomcat/Jboss Remote Code Execution ?

amegme Jun 21, 2016 11:01 AM

we use jboss-5.1.0 on a Win 2012R2 - Server.

A check via OpenVAS shows a security flaw for this application server host.

Vulnerability:

Apache Tomcat/Jboss EJBinvokerServlet / JMXInvokerServet ( RMI over HTTP )

Marshalled Object Remote Code Execution

OID: 1.3.6.1.4.1.25623.1.0.103811

Version used: $Revision: 1220 $

1. Re: Vulnerability Apache Tomcat/Jboss Remote Code Execution ?

jfclere Jun 21, 2016 10:58 AM (in response to amegme)

1 - Don't use unsupported versions.
2 - A vulnerability corresponds to a CVE number, without it no one can advice you.
Actions