Find out if you might be a victim of the JBoss worm

By N-Stalker Team on November 9, 2011

Since the end of October there have been several rumors of a new kind of worm targeting unpatched JBoss servers. These malicious scripts attack an old vulnerability, described in CVE-2010-0738 as a misconfiguration issue: the default installation allows remote attackers to invoke the administration console and deploy an arbitrary Java program to run on the server. Several scripts that automate the exploitation process are available on specialized websites.

It is definitely not a best practice to allow arbitrary access to any application server's console, especially when we are dealing with production servers. This is a common problem on the J2EE platform, but the situation gets worse because of the ability to remotely deploy arbitrary code.
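As an added illustration (not part of the original post, and not N-Stalker's code), the fragment below shows what the misconfiguration behind CVE-2010-0738 looks like in the JMX console's deployment descriptor, alongside the hardened form. It assumes a JBoss AS 4/5 layout where the descriptor lives at `server/<profile>/deploy/jmx-console.war/WEB-INF/web.xml`; the role name `JBossAdmin` and the resource name `HtmlAdaptor` are the ones shipped with those releases.

```xml
<!-- Added example: weak vs. corrected security-constraint for jmx-console.war/WEB-INF/web.xml -->

<!-- WEAK: the constraint names only GET and POST, so any other HTTP verb
     reaching /jmx-console/* is not covered by the authentication requirement.
     This is the condition the worm relies on. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HtmlAdaptor</web-resource-name>
    <description>An example security config that only allows users with the
      role JBossAdmin to access the HTML JMX console web application</description>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>JBossAdmin</role-name>
  </auth-constraint>
</security-constraint>

<!-- CORRECTED: no http-method elements, so the constraint applies to every
     verb. Combine this with a real password for the JBossAdmin role (the
     default "admin" account must not stay enabled) or, better, remove or
     firewall the console entirely on production servers. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HtmlAdaptor</web-resource-name>
    <description>Require the JBossAdmin role for every HTTP method on the
      HTML JMX console</description>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>JBossAdmin</role-name>
  </auth-constraint>
</security-constraint>
```

Applying the constraint to all methods is the same change Red Hat shipped as the fix for this CVE; the profile path and the exact descriptor text vary between JBoss versions, so check the descriptor actually deployed on the server rather than assuming it matches the sample above.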

The latest version of N-Stalker 2012 gives you an easy way to detect exposed JBoss consoles and to check whether any of the common malicious scripts have been deployed on the server side. We look for files commonly used by the exploit frameworks in order to identify servers that may have been compromised. These features are available in the Free Edition, and a scan can be completed in a matter of minutes (depending on the number of servers you want to test).

Get the latest N-Stalker Free Edition and find out if you might be a victim of the JBoss worm.
