Millions of unpatched JBoss servers open to abuse

By on
Millions of unpatched JBoss servers open to abuse

Thousands of backdoors discovered.

Security researchers at Cisco's Talos group have discovered a large number of vulnerable internet-connected systems running out-of-date JBoss installations, with thousands of servers already compromised.

JBoss is a Java-based application server, delivered by enterprise Linux vendor Red Hat.

The Talos researchers said they found just over 2100 backdoors installed in around1600 IP addresses when they scanned for vulnerable systems.

The systems were running webshells for unauthorised remote access and control of the compromised server. Many of the vulnerable systems had been compromised more than once, and were running multiple different backdoors.

In total, the researchers estimate that around 3.2 million machines are at risk from being abused. Several JBoss servers were being exploited with the JexBoss (JBoss verify and EXploitation Tool) open source software as part of a global ransomware delivery campaign in March this year.

Attackers have been targeting educational software developer Follet's Destiny library management system, which is sold worldwide including in Australia.

Follett is aware of the vulnerability and will work with Talos to analyse webshells on compromised servers. The company is urging customers to patch their Destiny systems.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?