Nmap Development mailing list archives

Re: Checking for jboss authentication bypass


From: Hani Benhabiles <kroosec () gmail com>
Date: Tue, 6 Dec 2011 13:05:22 +0100

Hi Martin,

Check out the scripts/http-method-tamper.nse which defaults to checking
CVE-2010-738 and the discussion [1] we had about it.

[1] http://seclists.org/nmap-dev/2011/q4/225

Cheers,
Hani.

On Tue, Dec 6, 2011 at 12:46 PM, Martin Holst Swende <martin () swende se> wrote:

Hi list,

I threw together a script to check if a server is vulnerable to JBoss
authentication bypass. It makes a GET request to /jmx-console first to see
if it is a JBoss and whether it requires authentication. If it is and does,
it tries a HEAD request. An HTTP 500 response means it is vulnerable.

As I wrote it, I copy-pasted a bit from other http-scripts. I was wondering:
is this the correct way to do it if I want it to be able to work also
against http or http-alt tunneled over https?

Regards,
Martin Holst Swende

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/




-- 
M. Hani Benhabiles
Blog: http://kroosec.blogspot.com
Twitter: kroosec <https://twitter.com/#%21/kroosec>
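
The decision logic Martin describes (GET /jmx-console, then HEAD, with an HTTP 500 meaning vulnerable), as an added example that is not part of the original thread or of any Nmap script: it classifies already-captured response heads offline. The function names, the constructed sample responses and the realm-based "is it JBoss" test are assumptions made for illustration; the thread does not say how the script recognises JBoss.

```python
from enum import Enum

class Verdict(Enum):
    NOT_APPLICABLE = "GET was not an authentication challenge from JBoss"
    VULNERABLE = "HEAD returned 500 where GET demanded authentication"
    NOT_VULNERABLE = "HEAD did not return 500"

def parse_head(raw: bytes):
    """Return (status_code, headers) from a raw HTTP response head.
    Header names are lowercased; repeated headers are kept as a list."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(parts[1]), headers

def classify(get_raw: bytes, head_raw: bytes = None) -> Verdict:
    """Apply the two-step check to the responses for GET and HEAD /jmx-console."""
    get_status, get_headers = parse_head(get_raw)
    challenges = get_headers.get("www-authenticate", [])
    # Assumption: JBoss is recognised by its name in the auth realm.
    protected_jboss = get_status == 401 and any(
        "jboss" in c.lower() for c in challenges)
    if not protected_jboss or head_raw is None:
        return Verdict.NOT_APPLICABLE  # nothing to bypass, or HEAD never sent
    head_status, _ = parse_head(head_raw)
    return Verdict.VULNERABLE if head_status == 500 else Verdict.NOT_VULNERABLE

# Constructed sample responses (not captured from a real server).
GET_401 = (b"HTTP/1.1 401 Unauthorized\r\nServer: Apache-Coyote/1.1\r\n"
           b'WWW-Authenticate: Basic realm="JBoss JMX Console"\r\n\r\n')
GET_200 = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"
HEAD_500 = b"HTTP/1.1 500 Internal Server Error\r\nServer: Apache-Coyote/1.1\r\n\r\n"

if __name__ == "__main__":
    for label, pair in [("401 then 500", (GET_401, HEAD_500)),
                        ("401 then 401", (GET_401, GET_401)),
                        ("open console", (GET_200, HEAD_500))]:
        print(label, "->", classify(*pair).name)
```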