Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

JBoss JMX Console Unrestricted Access Vulnerability Vulnerability Scan


Vulnerability Scan Summary
Tries to access the JMX and Web Consoles

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server allows unauthenticated access to an
administrative Java servlet.

Description :

The remote web server appears to be a version of JBoss that allows
unauthenticated access to the JMX and/or Web Console servlets used to
manage JBoss and its services. A remote attacker can leverage this
issue to disclose sensitive information about the affected application
or even take control of it.

See also :

http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole

Solution :

Follow the Wiki article referenced above to secure access to the JMX /
Web Console.

Threat Level:

High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.