geronimo-dev mailing list archives

From Anita Kulshreshtha <>
Subject MEJB Security Alert
Date Thu, 06 Sep 2007 13:46:21 GMT
    We have discovered a security vulnerability in Geronimo, where the
management EJB (MEJB) allows unchallenged access to Geronimo internals.
A temporary workaround is to make the following modifications to the
configuration file at <GERONIMO_HOME>/var/config.xml. This will disable

<module name="org.apache.geronimo.configs/openejb/2.0.1/car">
<gbean name="EJBNetworkService">
<gbean load="false" name="ejb/mgmt/MEJB"/>

We will be releasing a new version soon to control access to MEJB in a
more secure way. This issue will be tracked in


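One way to check that the workaround described in the message is present in a config.xml, as an added example that is not part of the original message or of Geronimo's own code. The module and GBean names are the ones quoted in the message; the `<attributes>` root element, the function names and the sample documents are constructed assumptions.

```python
import sys
import xml.etree.ElementTree as ET

# Module and GBean names as quoted in the advisory message.
OPENEJB_MODULE = "org.apache.geronimo.configs/openejb/2.0.1/car"
MEJB_GBEAN = "ejb/mgmt/MEJB"

# Constructed samples for illustration; not taken from a real installation.
PATCHED = """<attributes>
  <module name="org.apache.geronimo.configs/openejb/2.0.1/car">
    <gbean name="EJBNetworkService"/>
    <gbean load="false" name="ejb/mgmt/MEJB"/>
  </module>
</attributes>"""
UNPATCHED = PATCHED.replace('<gbean load="false" name="ejb/mgmt/MEJB"/>', "")


def local(tag):
    """Strip any XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def mejb_status(config_xml, module=OPENEJB_MODULE, gbean=MEJB_GBEAN):
    """Return 'disabled', 'not-disabled' or 'module-not-found'."""
    root = ET.fromstring(config_xml)
    modules = [e for e in root.iter()
               if local(e.tag) == "module" and e.get("name") == module]
    if not modules:
        return "module-not-found"
    for mod in modules:
        # Accept the override as a child or a deeper descendant of the module,
        # because the snippet in the message does not show the closing tags.
        entries = [e for e in mod.iter()
                   if local(e.tag) == "gbean" and e.get("name") == gbean]
        if not any(e.get("load", "").strip().lower() == "false" for e in entries):
            return "not-disabled"
    return "disabled"


if __name__ == "__main__":
    # Usage: python check_mejb.py <GERONIMO_HOME>/var/config.xml
    with open(sys.argv[1], encoding="utf-8") as fh:
        status = mejb_status(fh.read())
    print(status)
    sys.exit(0 if status == "disabled" else 1)
```

A result of `module-not-found` means the file carries no entry for the module name quoted in the message, so the version string in the module name should be compared with the installed release before concluding anything.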