JBoss Enterprise Application Platform JMX Console Authentication Bypass Remote Code Execution Exploit

The JMX-Console web application in JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. This module will exploit this vulnerability to deploy an agent by uploading a JSP file to the target server.
Platform: 
Vulnerabilty ID: 
CVE-2010-0738
Product Version: 
10.5
Released Date: 
Tuesday, June 29, 2010 - 00:00