java, security, jboss

EJBInvokerServlet / JMXInvokerServlet


Thanks to anyone reading this post.

A penetration test was performed by an external agency on my staging server application, which runs on a JBoss 4.0.4 instance.

It was reported as ‘Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Marshalled Object Remote Code Execution’.

It is suggested to upgrade the JBoss server to close the vulnerability. For various business reasons I cannot upgrade to the latest versions for the next 1 year or so.

In my application we don’t need to use any WAR deployment through any of these servlets. I made some changes to work around this [a workaround for the next 1 year]. What is the best way to test whether the environment is still vulnerable to this reported case? I don’t have the option to get the service from the external agency again.

By the way, after my changes, the URLs http:///invoker/EJBInvokerServlet and http:///invoker/JMXInvokerServlet show a page with the message ‘The requested resource (/invoker/JMXInvokerServlet) is not available.’ Before the changes these URLs opened EJBInvokerServlet and JMXInvokerServlet.

Can someone please suggest a way to validate whether the environment is still vulnerable?

Also, let me know if any recommended solution is available to fix the vulnerability in JBoss 4.0.4.

Thank you.


Solution

  • It seems you are referring to CVE-2012-0874:

    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0874

    An exploit for this vulnerability may be found at:

    http://www.securityfocus.com/bid/62854

    Look under the "exploit" tab on that page. The PHP code attempts an HTTP POST request to deploy an arbitrary WAR file.

    You said you can no longer access the /invoker/EJBInvokerServlet and /invoker/JMXInvokerServlet resources, so you are safe.
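The asker wants a repeatable way to confirm that the two invoker servlets stay unreachable after the workaround, and the answer's verdict rests on exactly that observation. The script below is an added example written for this page, not code from the question, the answer, or the JBoss project. It sends only a plain GET (no payload) to the two paths named in the question and classifies the response: HTTP 200 means the servlet is still mapped (a body starting with the Java serialization magic bytes 0xACED0005 is the strongest sign the invoker is answering), 401/403 means it is mapped but access-controlled, and 404 matches the "resource is not available" page the asker now sees. The staging host is an assumption passed on the command line; the sample responses are constructed, not captured from the asker's server.

```python
"""Verify that the JBoss invoker servlets are no longer reachable (added example)."""
import sys
import urllib.error
import urllib.request

# Paths named in the question; the host is an assumption supplied on the command line.
INVOKER_PATHS = ("/invoker/EJBInvokerServlet", "/invoker/JMXInvokerServlet")

# Bytes that open every Java serialization stream: STREAM_MAGIC 0xACED, STREAM_VERSION 0x0005.
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"

# Constructed sample responses (not captured from the asker's server) mirroring the
# "before" and "after" states described in the question.
SAMPLE_BEFORE = (200, "application/x-java-serialized-object", JAVA_SERIAL_MAGIC)
SAMPLE_AFTER = (404, "text/html;charset=utf-8", b"<htm")


def classify_response(status, content_type, body_prefix):
    """Classify one invoker response as (verdict, reason).

    status: HTTP status code; content_type: Content-Type header or '';
    body_prefix: the first few bytes of the body.
    """
    ct = (content_type or "").lower()
    if status == 200:
        # Any 200 means the servlet is still mapped and answering.
        if "x-java-serialized-object" in ct or body_prefix.startswith(JAVA_SERIAL_MAGIC):
            return ("exposed", "servlet answered with a Java serialization stream")
        return ("exposed", "servlet still mapped (HTTP 200)")
    if status in (401, 403):
        return ("protected", "servlet mapped but access denied (HTTP %d)" % status)
    if status == 404:
        return ("removed", "resource not available (HTTP 404)")
    return ("unknown", "unexpected HTTP %d, inspect manually" % status)


def probe(base_url, path, timeout=10):
    """Plain GET of one invoker path; no request body is sent.

    Returns (status, content_type, first four body bytes).
    """
    req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Content-Type", ""), resp.read(4)
    except urllib.error.HTTPError as err:
        # 4xx/5xx answers arrive here; the status code is what we want to classify.
        return err.code, err.headers.get("Content-Type", ""), b""


def check_host(base_url):
    """Probe every invoker path and return {path: (verdict, reason)}."""
    return {path: classify_response(*probe(base_url, path)) for path in INVOKER_PATHS}


def still_vulnerable(results):
    """True if any invoker path is still reachable without access control."""
    return any(verdict == "exposed" for verdict, _ in results.values())


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python check_invoker.py http://staging-host:8080  (host is a placeholder)")
    results = check_host(sys.argv[1])
    for path, (verdict, reason) in results.items():
        print("%s: %s - %s" % (path, verdict, reason))
    sys.exit(1 if still_vulnerable(results) else 0)
```

Run it against the staging base URL after every deployment or restart, since a redeploy of the invoker web application would silently bring the servlets back; a non-zero exit code makes it easy to wire into a scheduled job. A "protected" verdict (401/403) is worth recording separately: the servlet is still deployed and only an authentication constraint stands in the way, which is a weaker state than the 404 the asker now sees.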