Comments on: Securing your JBoss JMX Invoker Layer http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss/ Tue, 06 Dec 2011 08:48:38 +0000 hourly 1 http://wordpress.com/ By: Technical Related Notes » Blog Archive » links for 2011-03-22 http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss/#comment-110 Mon, 18 Apr 2011 09:59:19 +0000 http://objectopia.com/?p=154#comment-110 [...] secure jboss (tags: jboss) [...]

]]> By: Slava http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss/#comment-77 Sun, 03 Apr 2011 04:34:03 +0000 http://objectopia.com/?p=154#comment-77 for those who find this topic by search:

There is a community courtesy notification for a severe security issue affecting some of the JBoss projects and products. Default security settings in web.xml protect only GET and POST protocols leaving another ones open. Please refer to the following Red Hat KBase article for more information:

JBoss Products & CVE-2010-0738

Only when you apply the solution you can be sure that your JMX Console is protected.
Please note that Web Console has the same issue, and you need to apply the solution to it as well.

Also it is recommended to hash passwords in the config files. Read about how to do it in JBoss Getting Started guide.

]]> By: Jon Court http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss/#comment-46 Sun, 28 Feb 2010 00:22:19 +0000 http://objectopia.com/?p=154#comment-46 Nice – thanks for picking this up Gilles,

I had meant to contribute this back actually – somehow it dropped off my radar.

Regards,
Jon

]]> By: Gilles http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss/#comment-45 Sun, 28 Feb 2010 00:09:33 +0000 http://objectopia.com/?p=154#comment-45 This feature will be added to twiddle in next JBoss releases
https://jira.jboss.org/jira/browse/JBPAPP-3391

]]>