CVE-2017-7504 Red Hat JBoss Application Server Remote Code Execution Vulnerability

Article ID: 256251

Products

CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

How do you remediate the following vulnerability on the Enterprise Management (ENTM) Server?

Vulnerability Name - Red Hat JBoss Application Server Remote Code Execution Vulnerability
Port - 18080
Severity - High
CVE ID - CVE-2017-7504

Environment

Release : 14.0
The JBoss Application Server version is JBoss-4.2.3.GA.

Resolution

The only way to fix this problem is to disable HTTP and allow only HTTPS access to the ENTM server.

You can disable port 18080 in the JBoss configuration files and only allow HTTPS access.

The steps for enabling only the HTTPS port are described here:

Enterprise Management Server SSL Communication
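After disabling port 18080, it is worth confirming that no plaintext HTTP connector is still defined in the JBoss web container configuration. The following audit script is an added example, not part of this article and not CA/Broadcom code; it assumes the JBoss 4.2.x layout in which the connectors live in server/<config>/deploy/jboss-web.deployer/server.xml, and the embedded server.xml sample (ports 18080 and 18443) is constructed for illustration.

```python
"""Audit a JBoss/Tomcat server.xml for plaintext HTTP connectors.

Added example (not from the KB article or from CA/Broadcom). After
disabling port 18080, confirm that every remaining <Connector> is
TLS-only. The server.xml path (JBoss 4.2.x:
server/<config>/deploy/jboss-web.deployer/server.xml) and the sample
XML below are assumptions, not values taken from the article.
"""
import sys
import xml.etree.ElementTree as ET

# Constructed sample: one plaintext connector on 18080, one HTTPS connector,
# and one AJP connector. A commented-out connector is never parsed, so a
# connector disabled by commenting it out is correctly treated as absent.
SAMPLE_SERVER_XML = """<Server>
  <Service name="jboss.web">
    <Connector port="18080" address="${jboss.bind.address}"
               protocol="HTTP/1.1" redirectPort="18443" />
    <Connector port="18443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="18443" />
  </Service>
</Server>
"""


def is_plaintext_http(conn):
    """True when the connector accepts HTTP without TLS.

    Tomcat terminates TLS on a connector only if SSLEnabled="true";
    scheme="https" alone only influences generated URLs. AJP connectors
    are not HTTP listeners and are skipped here.
    """
    protocol = conn.get("protocol", "HTTP/1.1").upper()
    if protocol.startswith("AJP"):
        return False
    return conn.get("SSLEnabled", "false").lower() != "true"


def audit_server_xml(xml_text):
    """Return (port, protocol) for every connector still serving plain HTTP."""
    root = ET.fromstring(xml_text)
    return [(c.get("port"), c.get("protocol", "HTTP/1.1"))
            for c in root.iter("Connector") if is_plaintext_http(c)]


if __name__ == "__main__":
    # Pass the real server.xml path as the first argument; otherwise the sample is audited.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SERVER_XML
    for port, proto in audit_server_xml(text):
        print(f"plaintext connector still enabled: port {port} ({proto})")
```

An empty result means every HTTP connector left in server.xml has SSLEnabled="true"; the script does not check whether the port is actually bound, so pair it with a listening-port check on the ENTM host.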