1 Reply Latest reply on Aug 10, 2011 4:45 AM by petal1

    Can someone try to attack my JBoss instance by issuing JMX commands over HTTP?

    petal1 Newbie

      Hello,

       

      Can someone try to attack my JBoss instance by issuing JMX commands over HTTP?

       

      The reason I ask is that I saw this exception in my log file today and I was wondering if it was caused by an attempted attack?

       

      ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/jmx-console].[HtmlAdaptor]] (http-0.0.0.0-8080-1:) Servlet.service() for servlet HtmlAdaptor threw exception

      javax.management.InstanceNotFoundException: jboss.admin:service=DeploymentFileRepository is not registered.

              at org.jboss.mx.server.registry.BasicMBeanRegistry.get(BasicMBeanRegistry.java:523)

              at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:653)

              at org.jboss.jmx.adaptor.control.Server.invokeOpByName(Server.java:258)

              at org.jboss.jmx.adaptor.html.HtmlAdaptorServlet.invokeOpByName(HtmlAdaptorServlet.java:287)

              at org.jboss.jmx.adaptor.html.HtmlAdaptorServlet.processRequest(HtmlAdaptorServlet.java:102)

              at org.jboss.jmx.adaptor.html.HtmlAdaptorServlet.doGet(HtmlAdaptorServlet.java:77)

              at javax.servlet.http.HttpServlet.doHead(HttpServlet.java:270)

              at javax.servlet.http.HttpServlet.service(HttpServlet.java:714)

              at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)

              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)

              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)

              at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)

              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)

              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)

              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)

              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)

              at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)

              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)

              at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)

              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)

              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)

              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)

              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)

              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)

              at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)

              at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)

              at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)

              at java.lang.Thread.run(Thread.java:595)

       

      JBoss version is 4.0.4GA.

       

      Thank you,

      Paul