Researchers are warning of an increase in attacks exploiting a vulnerability in JBoss AS, an open-source Java EE-based application server, that was first disclosed in 2011.
The uptick in attacks targeting this vulnerability is suspected to be a consequence of the release of an exploit that security researcher Andrea Micalizzi made public in October.
“The vulnerability allows an attacker to abuse the management interface of the JBoss AS in order to deploy additional functionality into the web server,” the researchers stated. “Once the attackers deploy that additional functionality, they gain full control over the exploited JBoss infrastructure, and therefore the site powered by that Application Server.”
Although the vulnerability has been known for two years, many systems administrators have yet to properly configure their servers to mitigate the threat, and the number of potential targets has increased over time, making the exploit even more attractive to attackers.
“The number of server[s] exposing their JBoss management interfaces has more than tripled (7,000 to 23,000) since the vulnerability was presented in 2011,” the researchers noted.
“The list of the exposed sites contains some governmental and educational sites. We have identified some of them to be actually infected with a web shell code.”
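The article does not name the management endpoints involved, so the following is an added example rather than code from the article or the researchers it quotes. It assumes that the "management interface" referred to is the standard JBoss AS 4.x-6.x web management and invoker layer (/jmx-console, /web-console, /admin-console and the /invoker/ servlets) and shows how an administrator could run a quick check over web access logs: any request to one of those paths that was actually served (status below 400) from a client outside the trusted management networks indicates the interface is exposed the way the article describes. The log lines are constructed for the example.

```python
import re
import ipaddress
from dataclasses import dataclass

# Standard JBoss AS 4.x-6.x management/invoker paths (assumption: these are the
# interfaces the article refers to). None of them should be reachable without
# authentication, and ideally not from outside the management network at all.
MANAGEMENT_PREFIXES = ("/jmx-console", "/web-console", "/admin-console", "/invoker/")

# Combined access-log format: src ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample log; addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2013:10:01:12 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [10/Nov/2013:10:02:45 +0000] "POST /invoker/JMXInvokerServlet HTTP/1.1" 200 1024
198.51.100.9 - - [10/Nov/2013:10:03:01 +0000] "GET /jmx-console/ HTTP/1.1" 200 3000
192.0.2.44 - - [10/Nov/2013:10:03:30 +0000] "GET /jmx-console/ HTTP/1.1" 401 0
10.0.0.8 - - [10/Nov/2013:10:04:10 +0000] "GET /admin-console/ HTTP/1.1" 200 2048
"""


@dataclass
class Finding:
    src: str
    ts: str
    method: str
    path: str
    status: int


def parse_line(line):
    """Return a dict of fields for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_management_path(path):
    """True if the request path (query string ignored) targets a management endpoint."""
    bare = path.split("?", 1)[0]
    return any(bare.startswith(prefix) for prefix in MANAGEMENT_PREFIXES)


def find_exposed_management_requests(log_text, trusted_cidrs=()):
    """Return management-interface requests that were served to untrusted clients.

    A 401/403/404 response means the server refused the request, so those are
    not counted; a 2xx/3xx from outside `trusted_cidrs` means the interface is
    reachable from where it should not be.
    """
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_management_path(rec["path"]):
            continue
        if rec["status"] >= 400:
            continue  # request was rejected; the interface was not served
        try:
            src = ipaddress.ip_address(rec["src"])
        except ValueError:
            continue  # hostname or malformed address; skip rather than guess
        if any(src in net for net in trusted):
            continue
        findings.append(Finding(rec["src"], rec["ts"], rec["method"], rec["path"], rec["status"]))
    return findings


if __name__ == "__main__":
    # Treat 10.0.0.0/8 as the internal management network for the sample.
    for f in find_exposed_management_requests(SAMPLE_LOG, ("10.0.0.0/8",)):
        print(f"{f.ts} {f.src} {f.method} {f.path} -> {f.status}")
```

Any hit from this check means the management interface is both reachable and answering, which is the precondition for the deployment-based attack the article describes; the fix is the one the article implies, namely requiring authentication on those paths and restricting them to the management network or removing them on servers that do not need them.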