JBoss JMX - Console Beanshell Deployer Vulnerability (CVE-2010-0738) Scanner

Details
  • Asset Type: DOMAIN, IP
  • Need Membership: Yes
  • Asset Verify: Yes
  • API Support: Yes
  • Estimate Time (Second): 15

JBoss JMX - Console Beanshell Deployer Vulnerability (CVE-2010-0738) Scanner Detail

Tests whether a JBoss target is vulnerable to the JMX console authentication bypass (CVE-2010-0738).

It works by checking if the target paths require authentication or redirect to a login page that could be bypassed via a HEAD request. RFC 2616 specifies that the HEAD request should be treated exactly like GET but with no returned response body. The script also detects if the URL does not require authentication at all.

For more information, see:

  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0738
  • http://www.imperva.com/resources/glossary/http_verb_tampering.html
  • https://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_%28OWASP-CM-008%29
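On the server side, a servlet security constraint that lists `<http-method>` elements is enforced only for the methods it names, which is why a HEAD request can reach a path that GET cannot. The following is an added example, not the scanner's code: it audits a `web.xml` deployment descriptor for such verb-limited constraints. The sample descriptor and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a constraint that names only GET and POST, the pattern
# behind verb-tampering bypasses, next to one that covers every method.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Status</web-resource-name>
      <url-pattern>/status/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Drop an XML namespace prefix such as {http://java.sun.com/xml/ns/javaee}."""
    return tag.rsplit("}", 1)[-1]

def verb_limited_constraints(web_xml_text):
    """Return (resource name, url patterns, listed methods) for every
    authenticated resource collection that protects only named HTTP methods."""
    findings = []
    root = ET.fromstring(web_xml_text)
    for constraint in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        children = list(constraint)
        if not any(local(c.tag) == "auth-constraint" for c in children):
            continue  # no authentication demanded by this constraint
        for coll in (c for c in children if local(c.tag) == "web-resource-collection"):
            fields = {"web-resource-name": [], "url-pattern": [], "http-method": []}
            for item in coll:
                if local(item.tag) in fields:
                    fields[local(item.tag)].append((item.text or "").strip())
            if fields["http-method"]:  # methods not listed here skip the constraint
                name = (fields["web-resource-name"] or ["(unnamed)"])[0]
                methods = sorted(m.upper() for m in fields["http-method"])
                findings.append((name, fields["url-pattern"], methods))
    return findings

if __name__ == "__main__":
    for name, patterns, methods in verb_limited_constraints(SAMPLE_WEB_XML):
        print(f"{name}: {patterns} enforced only for {methods}; remove <http-method> entries")
```

Removing the `<http-method>` entries from a flagged collection makes the constraint apply to every HTTP method.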

Some Advice for Common Problems

Download the latest patches.
