JBoss JMX Console Unrestricted Access

Nessus Plugin ID 23842 (Severity: High)

Synopsis

The remote web server allows unauthenticated access to an administrative Java servlet.

Description

The remote web server appears to be a version of JBoss that allows unauthenticated access to the JMX and/or Web Console servlets used to manage JBoss and its services. A remote attacker can leverage this issue to disclose sensitive information about the affected application or even take control of it.

Solution

Secure or remove access to the JMX and/or Web Console using the advanced installer options.

See Also

http://www.nessus.org/u?52cc5dba

http://www.nessus.org/u?26fcf218

https://developer.jboss.org/wiki/SecureJBoss?_sscc=t

https://developer.jboss.org/wiki/SecureTheJmxConsole?_sscc=t

Plugin Details

Severity: High

ID: 23842

File Name: jboss_jmx_console_accessible.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 12/14/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/jboss