The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
Use CWE-264, the JBoss vendor hub, and the JBoss Application Server product page to place CVE-2007-1036 in its surrounding weakness, vendor, and product context.
Compare it with CVE-2006-5750 and CVE-2007-1354 for nearby disclosures in the same product family.