[jboss-user] [Management, JMX/JBoss] - Re: Securing JMX console (JBoss)

mcdan311 do-not-reply at jboss.com
Mon Apr 7 08:02:21 EDT 2008


This is the message that is being detected when security performs a scan on the server.

23842(8080/tcp) JBoss JMX Console Unrestricted Access
Vulnerability
CGI abuses

Synopsis :
The remote web server allows unauthenticated access to an
administrative Java servlet.
Description :
The remote web server appears to be a version of JBoss that allows
unauthenticated access to the JMX and/or Web Console servlets used to
manage JBoss and its services. A remote attacker can leverage this
issue to disclose sensitive information about the affected application
or even take control of it.
See also :
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole
Solution :
Follow the Wiki article referenced above to secure access to the JMX /
Web Console.
Risk factor :
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4142048#4142048
