JBOSS Vulnerability [PCI Scan]

rfders2001 Jun 8, 2011 8:43 PM

This morning i received from the auditors a scanner result for our jboss server and we need to solve three important issues, but honestly i was googling for a while and nothing found. if any one know or have any clue how to solve, i will appreciate. We are running jboss 5.0.1 on (windows 2003 x64)

Scan vulnerability:

   .- JBoss HttpAdaptor JMXInvokerServlet is Accessible to Unauthenticated Remote Users
   .- JBoss EJBInvokerServlet is Accessible to Unauthenticated Remote Users.
   .- TLS Protocol Session Renegotiation Security Vulnerability

1. Re: JBOSS Vulnerability [PCI Scan]

foreigner Nov 21, 2012 9:05 AM (in response to rfders2001)

I am experiencing the same problem. Qualys security scan is angry about these two servlets. Could not find a way how to make "JMXInvokerServlet" and "EJBInvokerServlet" non-vulnerable.

Any updates so far?
Actions