Description

JBoss web service console is enabled on this server. All supported stacks provide a web console for getting the list of the endpoints currently deployed on a given host as well as basic metrics regarding invocations to them. The console is available at http://localhost:8080/jbossws/services assuming your application server is currently bound to localhost:8080.

Remediation

Restrict access to the JBoss web service console.

References

Web-Based Admin Consoles: The Critical, Overlooked ... - BeyondTrust

Web application abuses : JBoss Console and Web Management ...

Related Vulnerabilities

ZK Framework AuUploader Information Disclosure (CVE-2022-36537)

SugarCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3803)

WordPress Plugin Clone Information Disclosure (2.4.2)

Laravel log file publicly accessible

WordPress REST API User Enumeration

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure