Summary

Acunetix 360 identified a version disclosure (Jolokia) in the target web server's HTTP response. Jolokia is an agent-based approach for remote JMX access. It is an alternative to standard JSR 160 connectors. The communication between client and agent goes over HTTP (either GET or POST), where the request and response payload is represented in JSON.

Impact

An attacker might use the disclosed version to look up known security vulnerabilities affecting that specific Jolokia release.

Remediation

Restrict access to the /jolokia path on the web server where Jolokia is deployed, so that unauthenticated clients can no longer retrieve the agent's version information.
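The following is an added verification script, not Acunetix's or the Jolokia project's own code. It parses the JSON body a Jolokia agent returns for a "version" request, reports which version fields are disclosed, and classifies an HTTP exchange against /jolokia so a defender can confirm that the remediation above took effect. The sample response bodies, the version numbers in them, and the content of the "info" object are constructed for the example.

```python
import json

# Constructed sample: the JSON body a Jolokia agent returns for a "version"
# request when /jolokia is reachable without access control. The field
# layout follows the Jolokia protocol; the values are made up.
SAMPLE_VERSION_RESPONSE = json.dumps({
    "request": {"type": "version"},
    "value": {
        "agent": "1.6.2",        # constructed agent version
        "protocol": "7.2",       # constructed protocol version
        "info": {"product": "tomcat", "vendor": "Apache", "version": "9.0.0"},
    },
    "timestamp": 1700000000,
    "status": 200,
})

# Constructed sample: the body a reverse proxy returns once /jolokia is restricted.
SAMPLE_DENIED_RESPONSE = "<html><body>403 Forbidden</body></html>"


def extract_disclosed_versions(body: str) -> dict:
    """Return the version fields a Jolokia 'version' response discloses.

    An empty dict means the body is not a successful Jolokia version reply,
    which is what a defender expects to see after access has been restricted.
    """
    try:
        doc = json.loads(body)
    except ValueError:
        return {}
    if not isinstance(doc, dict) or doc.get("status") != 200:
        return {}
    if doc.get("request", {}).get("type") != "version":
        return {}
    value = doc.get("value", {})
    found = {}
    for key in ("agent", "protocol"):
        if key in value:
            found[key] = str(value[key])
    # The nested "info" object carries the hosting application server's
    # product/vendor/version, which is additional disclosed information.
    info = value.get("info", {})
    for key in ("product", "vendor", "version"):
        if key in info:
            found["info." + key] = str(info[key])
    return found


def assess(status_code: int, body: str) -> str:
    """Classify one HTTP exchange against /jolokia/version.

    VERSION_DISCLOSED: the endpoint is open and leaks version data (finding present).
    RESTRICTED:        the server refuses the request (remediation in place).
    NO_DISCLOSURE:     reachable, but the body carries no version fields.
    """
    disclosed = extract_disclosed_versions(body)
    if status_code == 200 and disclosed:
        fields = ", ".join(f"{k}={v}" for k, v in sorted(disclosed.items()))
        return "VERSION_DISCLOSED: " + fields
    if status_code in (401, 403):
        return "RESTRICTED"
    return "NO_DISCLOSURE"


if __name__ == "__main__":
    # Before remediation: the agent answers and discloses its versions.
    print(assess(200, SAMPLE_VERSION_RESPONSE))
    # After remediation: the path is blocked at the proxy.
    print(assess(403, SAMPLE_DENIED_RESPONSE))
```

Run this against the captured body of a real scan request to /jolokia/version (after applying the access restriction) to confirm that the result is RESTRICTED rather than VERSION_DISCLOSED.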

Severity

Low

Classification

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6