Hi,
we have recenlty noticed that it is possible to break in to our server via JMX console that is protected by password (by non GET, non POST request).
Some more:
http://www.exploit-db.com/exploits/17977/
http://www.jboss.com/products/platforms/application/components/#JEAP4.3
What we see now is that in the system is running pnscan
---
190xx 196xx 0 09:27 ? | 00:00:00 sh -c ./pnscan -r JBoss -w "HEAD / HTTP/1.0\r\n\r\n" -t 6400 16x.22x.0.0/16 80 > /tmp/sess_0088025413980486928597bff226164 |
190xx 190xx 1 09:27 ? | 00:00:02 ./pnscan -r JBoss -w HEAD / HTTP/1.0\r\n\r\n -t 6400 16x.22x.0.0/16 80 |
----
Some thoughts what is this, and how to protect from vulnerability? Should we just dump JMX console and web console?
Thanks