2 Replies Latest reply on Oct 19, 2011 1:30 PM by enda

    JBoss 4.2.3 vulnerability via JMX console? Thoughts..

    enda

      Hi,


      we have recently noticed that it is possible to break into our server via the JMX console, which is protected by password (by a non-GET, non-POST request).


      Some more:

      http://www.exploit-db.com/exploits/17977/

      http://www.jboss.com/products/platforms/application/components/#JEAP4.3


      What we see now is that pnscan is running on the system:

      ---

      190xx 196xx 0 09:27 ?    00:00:00 sh -c ./pnscan -r JBoss -w "HEAD / HTTP/1.0\r\n\r\n" -t 6400 16x.22x.0.0/16 80 > /tmp/sess_0088025413980486928597bff226164
      190xx 190xx 1 09:27 ?    00:00:02 ./pnscan -r JBoss -w HEAD / HTTP/1.0\r\n\r\n -t 6400 16x.22x.0.0/16 80

      ----


      Any thoughts on what this is, and how to protect against the vulnerability? Should we just dump the JMX console and web console?


      Thanks
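The "non-GET, non-POST request" described in the post is an HTTP verb tampering gap: a security-constraint in web.xml that lists explicit http-method elements only authenticates those verbs, and any other verb reaches the servlet unauthenticated. The check below is an added example (not code from this thread or from JBoss) that parses a constructed web.xml in that shape and reports every constraint limited to named verbs; the hardened form simply omits the http-method elements.

```python
import xml.etree.ElementTree as ET
# Constructed sample in the shape of the jmx-console web.xml: the constraint names only
# GET and POST, so a request using any other verb reaches the servlet unauthenticated.
WEAK_WEB_XML = """<?xml version="1.0"?>
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""
# Hardened form: no <http-method> elements, so the constraint covers every verb.
HARDENED_WEB_XML = WEAK_WEB_XML.replace(
    "      <http-method>GET</http-method>\n      <http-method>POST</http-method>\n", "")

def _local(tag):
    # Strip a namespace prefix ({uri}name -> name) so Servlet 2.3 and 2.5 files both work.
    return tag.rsplit("}", 1)[-1]

def find_verb_tampering(web_xml):
    """Return (resource-name, url-patterns, listed-methods) for each security-constraint
    that limits itself to explicit HTTP methods; an empty list means no verb gap."""
    findings = []
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        for wrc in sc:
            if _local(wrc.tag) != "web-resource-collection":
                continue
            name, patterns, methods = "", [], []
            for child in wrc:
                kind, text = _local(child.tag), (child.text or "").strip()
                if kind == "web-resource-name":
                    name = text
                elif kind == "url-pattern":
                    patterns.append(text)
                elif kind == "http-method":
                    methods.append(text.upper())
            if methods:  # explicit verbs listed: everything not listed is unprotected
                findings.append((name, patterns, methods))
    return findings

if __name__ == "__main__":
    print("weak:", find_verb_tampering(WEAK_WEB_XML))        # one finding
    print("hardened:", find_verb_tampering(HARDENED_WEB_XML))  # []
```

Running it against the deployed jmx-console and web-console web.xml files shows whether the login actually applies to every verb; removing the consoles entirely, as the post suggests, is the simpler fix where they are not needed.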