[jboss-user] [Management, JMX/JBoss] - Re: Securing JMX console (JBoss)
do-not-reply at jboss.com
Mon Apr 7 08:02:21 EDT 2008
This is the message that is being detected when security performs a scan on the server.
23842(8080/tcp) JBoss JMX Console Unrestricted Access
The remote web server allows unauthenticated access to an
administrative Java servlet.
The remote web server appears to be a version of JBoss that allows
unauthenticated access to the JMX and/or Web Console servlets used to
manage JBoss and its services. A remote attacker can leverage this
issue to disclose sensitive information about the affected application
or even take control of it.
See also :
Follow the Wiki article referenced above to secure access to the JMX /
Risk factor :
High / CVSS Base Score : 7.5
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4142048#4142048
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4142048
More information about the jboss-user