Unrated severityNVD Advisory· Published Feb 21, 2007· Updated Apr 23, 2026

CVE-2007-1036

Description

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

Affected products

JBoss/Jboss Application Server
cpe:2.3:a:jboss:jboss_application_server:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/632656nvdUS Government Resource
osvdb.org/33744nvd
wiki.jboss.org/wiki/Wiki.jspnvd
wiki.jboss.org/wiki/Wiki.jspnvd
www.securityfocus.com/archive/1/460597/100/0/threadednvd
www.securityfocus.com/archive/1/460605/100/0/threadednvd
www.securityfocus.com/archive/1/460695/100/0/threadednvd
www.securitytracker.com/idnvd
exchange.xforce.ibmcloud.com/vulnerabilities/32596nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.072
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000