Description

JBoss web service console is enabled on this server. All supported stacks provide a web console for getting the list of the endpoints currently deployed on a given host as well as basic metrics regarding invocations to them. The console is available at http://localhost:8080/jbossws/services assuming your application server is currently bound to localhost:8080.

Remediation

Restrict access to the JBoss web service console.

References

Web-Based Admin Consoles: The Critical, Overlooked ... - BeyondTrust

Web application abuses : JBoss Console and Web Management ...

Related Vulnerabilities

WordPress Plugin Fast Velocity Minify Information Disclosure (2.7.6)

WordPress Plugin Cherry Team Members Information Disclosure (1.4.1)

WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Information Disclosure (3.4.3)

WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.6.2)

WordPress Plugin Advanced Woo Search Information Disclosure (1.99)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure