OSVDB ID: 30767

Title: JBoss Application Server (jbossas) JMX Console DeploymentFileRepository Traversal Arbitrary File Manipulation

Dates

Disclosure: Nov 27, 2006
Discovery: Unknown
Exploit: May 08, 2010
Solution: Nov 27, 2006

Description

JBoss Application Server contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the JMX console not properly sanitizing user input supplied to the DeploymentFileRepository class, specifically directory traversal sequences (e.g., ../../). This directory traversal attack would allow the attacker to read or modify arbitrary files.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, JBoss has released a patch to address this vulnerability.

Products

Vendor: Red Hat, Inc.
Product: JBoss
Versions: 3.2.4, 4.0.5

References

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/30767