New Tool Addresses JBoss Server Security

By ServerWatch Staff (Send Email)
Posted Jun 3, 2010

Trustwave plans to speak at the upcoming AthCon conference about how administrators often underestimate the security risks facing JBoss servers. As reported in this eWeek story, a Trustwave security consultant will unveil a new tool for compromising JBoss servers and discuss best practices for protecting JBoss servers.

The upcoming AthCon conference will highlight the security risks facing JBoss server admins.

"JBoss servers are often viewed as inherently secure due to the difficulty of obtaining off-the-shelf equipment for compromising the server, but JBoss' prevalence among enterprises gives attackers motive to get to work, Trustwave contends. Attackers are already performing such attacks however until recently the wider community was 'blissfully unaware that JBoss and Tomcat instances when left in their default configuration could be compromised in such a way,' Papathanasiou said.

"'We developed a tool that uses default functionality provided by Jboss which allows us to ultimately gain complete control of the machine in question, thereby demonstrating the real necessity going forward for admins to take great care in securing their exposed JBoss instances,' he said."

Read the Full Story at eWeek

Page 1 of 1

Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.