Tags » JBoss
This is a public service announcement for those customers using JBoss without hardening their applications.
QUOTE from the original article:
“…Recently, Imperva’s ADC had detected a surge in the exploitation of web servers powered by the JBoss AS, probably as a result of the public disclosure of an exploit code that abuses this vulnerability… The vulnerability allows an attacker to abuse the management interface of the JBoss AS in order to deploy additional functionality into the web server.
If you want to change the JBoss 7.1 admin console password, first remove the user and then add it again.
- Open “jboss-as-x.x.x.Final\standalone\configuration\mgmt-users.properties” and delete the user (i.e., delete the line such as “admin=2c7123264278731425d1f53aeb55da1e”)
Edit your file jboss-as-7.1.1.Final/standalone/configuration/standalone.xml
Change this value:
<virtual-server name="default-host" enable-welcome-root="true">
to:
<virtual-server name="default-host" enable-welcome-root="false" default-web-module="your-web-app">