Administration page (JBoss JMX)

  • WASC 34
  • CWE 425

In the default configuration, after JBoss is installed, the JMX console is available at http://localhost:8080/jmx-console. The JMX console can be used to display the JNDI tree, dump the list of threads, redeploy an application or even shutdown the application server. By default, the console is not secured and can be used by remote attackers.

Remediation

Restrict access to JMX Management Console.