CVE-2006-3733

Name of the Vulnerable Software and Affected Versions Jboss web application server versions prior to 4.2.1

Description The issue allows remote attackers to gain privileges as the administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name. This is due to a problem in the jmx-console/HtmlAdaptor in the JBoss web application server.

Recommendations For versions prior to 4.2.1, update to version 4.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the jmx-console/HtmlAdaptor to minimize the risk of exploitation.