JBoss security issue

I am running JBoss on Windows XP and found in the logs that someone has deployed a web app to JBoss which enables him to open a socket to my machine.

I don't understand how he could upload such a WAR file to the deployment directory of JBoss.

Any ideas please?


The attacker may have exploited the JMX console default configuration vulnerability (JBoss JIRA JBAS-8954). It is a well-known vulnerability, so you should be able to find the remedy.

More on this issue:

  • http://www.articlesbase.com/security-articles/exploitation-and-remediation-of-jboss-application-server-default-configuration-vulnerability-1889469.html
  • http://goohackle.com/jboss-security-vulnerability-jmx-management-console/


AFAIR up to JBoss v4 you could just copy WARs to the deploy directory and let JBoss autodeploy them. Could it be that somebody was able to copy a file there, perhaps over a network share?

Next, it was possible to deploy web applications using the JBoss Management Console - this is accessible over the network; is it open on your machine? Did you change the default user/password?

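An audit sketch for the points raised in the answers above, added here as an example and not code from the original posts: it reports whether a JMX console `web.xml` has an active `<security-constraint>`, whether a users file still holds the default `admin`/`admin` account, and which archives in the deploy directory are not in a known-good list. The file contents are constructed samples; the names `HtmlAdaptor` and `JBossAdmin` and the `user=password` file format are assumptions based on a stock JBoss 4.x install.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a jmx-console web.xml whose constraint is commented out.
SAMPLE_WEB_XML = """<web-app>
  <!--
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>
  -->
</web-app>"""
SAMPLE_USERS = "# constructed sample users file\nadmin=admin\n"

def _named(root, name):
    # Match by local name so namespaced and DTD-style descriptors both work.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit_web_xml(xml_text):
    """Findings for a console web.xml; XML comments are ignored by the parser."""
    root = ET.fromstring(xml_text)
    constraints = _named(root, "security-constraint")
    if not constraints:
        return ["no active <security-constraint>: console needs no login"]
    findings = []
    for c in constraints:
        if not any((r.text or "").strip() for r in _named(c, "role-name")):
            findings.append("<security-constraint> names no role")
    return findings

def audit_users(props_text):
    """Flag the admin=admin default account in a users properties file."""
    findings = []
    for line in props_text.splitlines():
        user, sep, password = line.strip().partition("=")
        if sep and not user.startswith("#") and user.strip() == password.strip() == "admin":
            findings.append("default account admin/admin is still enabled")
    return findings

def unexpected_wars(deploy_listing, baseline):
    """Names in the deploy directory that are not in the known-good baseline."""
    return sorted(set(deploy_listing) - set(baseline))

if __name__ == "__main__":
    for finding in audit_web_xml(SAMPLE_WEB_XML) + audit_users(SAMPLE_USERS):
        print("FINDING:", finding)
```

On a real install, feed the functions the contents of the console's `WEB-INF/web.xml`, the users properties file it is configured to use, and a directory listing of `deploy` compared against the archives you shipped.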