Summary #

Netsparker identified a version disclosure (Jolokia) in the target web server's HTTP response. Jolokia is an agent-based approach for remote JMX access. It is an alternative to standard JSR 160 connectors. The communication between client and agent goes over HTTP (either GET or POST), where the request and response payload is represented in JSON.

Impact #
An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.
Remediation #

Restrict access to the /jolokia path on the web server where Jolokia is deployed

Classifications #
CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

OR

Search Vulnerability

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo