This morning I received a scanner result for our JBoss server from the auditors, and we need to solve three important issues, but honestly I was googling for a while and found nothing. If anyone knows or has any clue how to solve them, I would appreciate it. We are running JBoss 5.0.1 on Windows 2003 x64.
- JBoss HttpAdaptor JMXInvokerServlet is Accessible to Unauthenticated Remote Users
- JBoss EJBInvokerServlet is Accessible to Unauthenticated Remote Users
- TLS Protocol Session Renegotiation Security Vulnerability
I am experiencing the same problem. The Qualys security scan is angry about these two servlets. I could not find a way to make "JMXInvokerServlet" and "EJBInvokerServlet" non-vulnerable.
Any updates so far?