Hacks and Incidents

JBoss JMXInvokerServlet Remote Command Execution

This code exploits a common misconfiguration in JBoss Application Server. Whenever the JMX Invoker is exposed with the default configuration, a malicious “MarshalledInvocation” serialized Java object allows an attacker to execute arbitrary code. The exploit works even if the “Web-Console” and the “JMX Console” are protected or disabled.
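A configuration check for the exposure described above, added here as an example and not part of the original page or of JBoss: it reads a servlet deployment descriptor and reports whether the JMXInvokerServlet mapping is covered by an authentication constraint for every HTTP method. It assumes the servlet is mapped in a standard `web.xml`; the sample descriptor, its URL patterns and the role name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor for illustration; not copied from a JBoss release.
SAMPLE_WEB_XML = """<web-app>
  <servlet-mapping>
    <servlet-name>JMXInvokerServlet</servlet-name>
    <url-pattern>/JMXInvokerServlet/*</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/restricted/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>HttpInvoker</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def find(elem, name):
    """All descendants with this local tag name, ignoring XML namespaces."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def texts(elem, name):
    return [(e.text or "").strip() for e in find(elem, name)]

def covers(constraint, mapping):
    """True if a constraint url-pattern covers a servlet mapping (exact/prefix only)."""
    if constraint.endswith("/*"):
        base = constraint[:-2]
        path = mapping[:-2] if mapping.endswith("/*") else mapping
        return path == base or path.startswith(base + "/")
    return constraint == mapping

def audit(web_xml, servlet="JMXInvokerServlet"):
    """Return findings for mappings of `servlet` reachable without authentication."""
    root, findings = ET.fromstring(web_xml), []
    mappings = [p for m in find(root, "servlet-mapping")
                if servlet in texts(m, "servlet-name") for p in texts(m, "url-pattern")]
    for mapping in mappings:
        status = "no auth-constraint covers this path"
        for sc in find(root, "security-constraint"):
            if not status or not find(sc, "auth-constraint"):
                continue  # already fully protected, or constraint requires no login
            for wrc in find(sc, "web-resource-collection"):
                if status and any(covers(p, mapping) for p in texts(wrc, "url-pattern")):
                    methods = texts(wrc, "http-method")
                    # A method list leaves every unlisted HTTP method unauthenticated.
                    status = f"auth only enforced for {methods}" if methods else None
        if status:
            findings.append(f"{mapping}: {status}")
    return findings
```

An empty result means every mapping of the servlet sits behind an `auth-constraint` with no method list; extension patterns such as `*.do` are not evaluated by this check.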
