Radoslav Husar reassigned AS7-5577:
-----------------------------------
Assignee: Radoslav Husar (was: Paul Ferraro)
CLONE - Disable JGroups diagnostics service by default
------------------------------------------------------
Key: AS7-5577
URL: https://issues.jboss.org/browse/AS7-5577
Project: Application Server 7
Issue Type: Bug
Components: Clustering
Affects Versions: 7.1.2.Final (EAP), 7.1.3.Final (EAP)
Reporter: Dennis Reed
Assignee: Radoslav Husar
Priority: Blocker
Labels: eap6_need_triage
Fix For: 7.2.0.Alpha1, 7.1.4.Final (EAP)
The JGroups diagnostics service should be disabled by default.
This can be accomplished by removing the "diagnostics-socket-binding" attribute
from the <transport> tags in the JGroups subsystem.
This is a security issue, because the diagnostics port enables many security-sensitive
operations, with no authentication, including:
- full thread dump of the JVM
- add/remove JGroups protocols
- call any method on any JGroups protocol, passing in arbitrary arguments