Detections
Analytics
JBoss JMX Console Unrestricted Access
high Nessus Plugin ID 23842
Language:
Synopsis
The remote web server allows unauthenticated access to an administrative Java servlet.Description
The remote web server appears to be a version of JBoss that allows unauthenticated access to the JMX and/or Web Console servlets used to manage JBoss and its services. A remote attacker can leverage this issue to disclose sensitive information about the affected application or even take control of it.Solution
Secure or remove access to the JMX and/or Web Console using the advanced installer options.See Also
http://www.nessus.org/u?52cc5dba
http://www.nessus.org/u?26fcf218
https://developer.jboss.org/wiki/SecureJBoss?_sscc=t
https://developer.jboss.org/wiki/SecureTheJmxConsole?_sscc=t
Plugin Details
Severity: High
ID: 23842
File Name: jboss_jmx_console_accessible.nasl
Version: 1.18
Type: remote
Family: CGI abuses
Published: 12/14/2006
Updated: 1/19/2021
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: www/jboss