Home > Developer > Mobile Develop

What does WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your application has in Common?

Source: Internet
Author: User
Tags jboss jboss application server opennms websphere application server
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

What ?

The most underrated, underhyped vulnerability have recently come to my attention, and I ' m about to bring it to your S. No one gave it a fancy name, there were No press releases, nobody called Mandiant to come put out the fires. In fact, even though proof of concept code is released over 9 MONTHS AGO, none of the products mentioned in the title of This post has been patched, along with many more. In fact no patch was available for the Java library containing the vulnerability. In addition to any commercial products that is vulnerable, this also affects many custom applications.

In this post I'll be dropping pre-authentication, remote code execution exploits that leverage the vulnerability for WEBL Ogic, WebSphere, JBoss, Jenkins, and OpenNMS. All on the newest versions. Even more interesting, I'll detail the process we went through to discover that these products were vulnerable, and how I Developed the exploits. This should empower the go out and find this same bugs in your own software or commercial products so you or your Clie NTS use. All code can is found on the Foxglove Security Github.

I ' ll also be touching on what this bug was unlikely to go away soon. You can infuriate your developers and ops people by telling them to follow the instructions in "the Fix" sections to Remedi Ate this in your environment. It'll fix it, but it's an admittedly ugly solution.

This post was going to be long. Because i ' m a nice person, I made you a index. Feel free-to-skip straight to the exploits if you ve got better things to do than read my rambling:

  2. Background –unserialize Vulnerabilities and why didn ' t I hear about this sooner?

  4. The Vulnerability –light Details on the @frohoff and @gebl

  6. How Common is Commons? –how to find software this is vulnerable

  8. Exploit Dev for Skiddies , Haven High Level process-to-using this vulnerability

  10. Exploit 1–websphere Application Server

  12. Exploit 2–jboss Application Server

  14. Exploit 3–jenkins

  16. Exploit 4–weblogic Application Server

  18. Exploit 5–opennms Through RMI

  20. The fix–how to Monkey Patch Your Servers

...

Article longer, do not copy and paste, directly read the original bar

Original: http://foxglovesecurity.com/2015/11/06/ what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/# Background


What does WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your application has in Common?

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
websphere application server logs and trace ssl certificate in websphere application server 404 error in websphere application server ssl certificate renewal in websphere application server what is jboss application server used for service integration bus in websphere application server what is managed server in weblogic

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More