Description

JBoss web service console is enabled on this server. All supported stacks provide a web console for getting the list of the endpoints currently deployed on a given host as well as basic metrics regarding invocations to them. The console is available at http://localhost:8080/jbossws/services assuming your application server is currently bound to localhost:8080.

Remediation

Restrict access to the JBoss web service console.

References

Related Vulnerabilities