Over the last few weeks, reports of crypto-ransomware have circulated on the Internet and in the press. While public details are sparse and victims are hesitant to share them, Red Hat is aware that older, unpatched versions of JBoss have been linked to several cases. The main flaw seen in use has been CVE-2010-0738. Unsecured consoles appear to have been the main culprit in allowing attackers into internal networks, using the JexBoss testing tool.
Red Hat JBoss Enterprise Application Platform (EAP) ships with more hardened defaults, but older copies of EAP and of the JBoss Community editions (now known as WildFly) have had patches and security recommendations available since 2010.
To learn more about impacted configurations and treatments, please view:
Is my JBoss/EAP Server Vulnerable to Samas Ransomware? and Securing the JMX Console and Web Console
As always, the best treatment for security vulnerabilities is to apply the latest available patches and to implement server security hardening best practices that are reasonable for your business context. Other good practices include conducting penetration testing before exposing applications to the web, to discover vulnerabilities such as this one or others.
Last updated: June 27, 2023