Family: CGI abuses --> Category: infos
JBoss JMX Console Unrestricted Access Vulnerability Scan
Vulnerability Scan Summary : Tries to access the JMX and Web Consoles
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server allows unauthenticated access to an
administrative Java servlet.
Description :
The remote web server appears to be a version of JBoss that allows
unauthenticated access to the JMX and/or Web Console servlets used to
manage JBoss and its services. A remote attacker can leverage this
issue to disclose sensitive information about the affected application
or even take control of it.
See also :
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole
Solution :
Follow the Wiki article referenced above to secure access to the JMX /
Web Console.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)