JBoss JMX - Console Beanshell Deployer Vulnerability (CVE-2010-0738) Scanner

JBoss JMX - Console Beanshell Deployer Vulnerability (CVE-2010-0738) Scanner Detail

Tests whether a JBoss target is vulnerable to the JMX console authentication bypass (CVE-2010-0738).

It works by checking if the target paths require authentication or redirect to a login page that could be bypassed via a HEAD request. RFC 2616 specifies that the HEAD request should be treated exactly like GET but with no returned response body. The script also detects if the URL does not require authentication at all.

For more information, see:

  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0738
  • http://www.imperva.com/resources/glossary/http_verb_tampering.html
  • https://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_%28OWASP-CM-008%29
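
The HEAD bypass described above usually comes from an access rule that names the protected verbs one by one. As an added example (not part of the scanner or of JBoss), the following Python audit reads a servlet `web.xml` and reports every authenticated `security-constraint` that lists `<http-method>` elements; it assumes the application is protected this way, and the descriptor, URL patterns and role name are constructed sample values.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from a real deployment): the first
# constraint enumerates verbs, the second applies to every verb.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/status/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def _find(elem, name):
    """Descendants called `name`, ignoring any XML namespace prefix."""
    return [c for c in elem.iter() if c.tag.rsplit("}", 1)[-1] == name]


def audit_web_xml(xml_text):
    """Flag protected collections whose auth-constraint covers listed verbs only.

    A collection that lists <http-method> elements is constrained for those
    verbs alone; requests using any other verb are not subject to it.
    """
    findings = []
    for sc in _find(ET.fromstring(xml_text), "security-constraint"):
        if not _find(sc, "auth-constraint"):
            continue  # no authentication demanded, so nothing to bypass
        for coll in _find(sc, "web-resource-collection"):
            methods = [m.text.strip().upper() for m in _find(coll, "http-method") if m.text]
            if methods:
                findings.append({
                    "patterns": [p.text.strip() for p in _find(coll, "url-pattern") if p.text],
                    "listed_methods": methods,
                    "head_covered": "HEAD" in methods,
                })
    return findings
```

An empty result means no authenticated collection enumerates verbs. Removing the `<http-method>` elements from a flagged collection makes its constraint apply to every method.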

Some Advice for Common Problems

Download the latest patches.
