Support #13585
[SCP ID :##6748##] : VAPT Finding - JBoss Admin Interface Access
| Status: | Closed - End of life cycle | Start date: | August 01, 2023 |
|---|---|---|---|
| Priority: | Immediate | Due date: | |
| Assignee: | Zahir Abd Latif | % Done: | 100% |
| Category: | MY RIB | Spent time: | - |
| Target version: | - | | |
Description
Hi,
Kindly attend to the request below:
Received from the IT Ops team regarding the VAPT findings below. Please help us to understand the issue and recommendations provided.
VAPT 2021

| # | Type | Reference | Severity | Findings | Action required | Status | Remarks |
|---|---|---|---|---|---|---|---|
| 1 | I | 2021/IPT-005 | Low | JBoss Application Server may not properly restrict access to the administrative interface | Only allow authenticated administrative access | Open | Penril Ticket ID 6649. Remote session with Penril on 5th July. ITAI/ITAS to decide option for remediation. Q3 2023. |
History
#1 Updated by Hafizudin MD 10 months ago
- Assignee changed from Hafizudin MD to Lizahwati Basirun
- % Done changed from 0 to 50
From CF
Hi Shikin,
Step 1: Stop/shut down the JBoss application server.
Step 2: Clear /tmp in the JBoss application server directory – '/opt/jboss501/tmp'
Step 3: Rename/remove the JBoss console war file in the following path. – Do both have to be renamed/removed? A: Yes, both have to be renamed/removed.
A. '/opt/jboss501/server/default/deploy/jmx-console.war'
B. '/opt/jboss501/server/node/deploy/jmx-console-activator-jboss-beans.xml'
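
A post-remediation check for the three steps in the update above, added here as an example (it is not part of the ticket and not vendor code). It goes beyond the two listed paths by looking for both file names in every profile under `server/`; the function name and output labels are assumptions, and the default home is the `/opt/jboss501` path quoted in the ticket.

```shell
#!/bin/sh
# Added example: verify the filesystem state after Steps 2 and 3.
# Usage: sh check_jboss_console.sh /opt/jboss501
#
# check_jboss_console JBOSS_HOME
#   Prints one line per finding; return status = number of findings (0 = clean).
check_jboss_console() {
    home=${1:-/opt/jboss501}   # default: path quoted in the ticket
    findings=0

    # Step 3: neither console artifact may remain in any profile's deploy dir.
    # The ticket names the "default" and "node" profiles; the glob covers all
    # profiles so a copy left in another one is not missed.
    for f in "$home"/server/*/deploy/jmx-console.war \
             "$home"/server/*/deploy/jmx-console-activator-jboss-beans.xml
    do
        [ -e "$f" ] || continue          # unmatched glob stays literal; skip it
        echo "STILL DEPLOYED: $f"
        findings=$((findings + 1))
    done

    # Step 2: the server tmp directory should have been cleared.
    if [ -d "$home/tmp" ] && [ -n "$(ls -A "$home/tmp" 2>/dev/null)" ]; then
        echo "NOT CLEARED: $home/tmp"
        findings=$((findings + 1))
    fi

    if [ "$findings" -eq 0 ]; then
        echo "OK: no jmx-console artifacts deployed under $home"
    fi
    return "$findings"
}

# Run the check only when a JBoss home is given on the command line.
[ $# -eq 0 ] || check_jboss_console "$1"
```

A non-zero exit status is the number of findings, so the script can be used as a gate before the server is started again.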
#2 Updated by Lizahwati Basirun 10 months ago
- Status changed from New - Begin Life Cycle to Pending Customer Feedback
- Assignee changed from Lizahwati Basirun to Zahir Abd Latif
- % Done changed from 50 to 70
#3 Updated by Zahir Abd Latif 8 months ago
- Status changed from Pending Customer Feedback to Closed - End of life cycle
- % Done changed from 70 to 100
Already sent email on Fri 12/29/2023 2:55 PM to close.