This content has been marked as final. Show 2 replies
we have recenlty noticed that it is possible to break in to our server via JMX console that is protected by password (by non GET, non POST request).
What we see now is that in the system is running pnscan
|190xx 196xx 0 09:27 ?||00:00:00 sh -c ./pnscan -r JBoss -w "HEAD / HTTP/1.0\r\n\r\n" -t 6400 16x.22x.0.0/16 80 > /tmp/sess_0088025413980486928597bff226164|
|190xx 190xx 1 09:27 ?||00:00:02 ./pnscan -r JBoss -w HEAD / HTTP/1.0\r\n\r\n -t 6400 16x.22x.0.0/16 80|
Some thoughts what is this, and how to protect from vulnerability? Should we just dump JMX console and web console?