2 Replies Latest reply on Oct 19, 2011 1:30 PM by Tomas Cerny

    JBoss 4.2.3 vulnerability via JMX console? Thoughts..

    Tomas Cerny Novice



      We have recently noticed that it is possible to break into our server via the JMX console that is protected by password (by a non-GET, non-POST request).


      Some more:




      What we see now is that pnscan is running on the system:


      190xx 196xx 0 09:27 ?    00:00:00 sh -c ./pnscan -r JBoss -w "HEAD / HTTP/1.0\r\n\r\n" -t 6400 16x.22x.0.0/16 80 > /tmp/sess_0088025413980486928597bff226164
      190xx 190xx 1 09:27 ?    00:00:02 ./pnscan -r JBoss -w HEAD / HTTP/1.0\r\n\r\n -t 6400 16x.22x.0.0/16 80



      Any thoughts on what this is, and how to protect against the vulnerability? Should we just dump the JMX console and web console?