[Snort-sigs] JBoss jmx-console sig

Jon Hart jhart at ...288...
Fri Jun 2 18:44:12 EDT 2006


I find this signature fairly useful, as JBoss is quite popular and by
default the jmx-console is unprotected.  Complete exploitation of the
app or underlying OS is only limited by what beans are exposed via JBoss
and the attacker's creativity.  Enjoy:

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS \
    (msg:"JBoss jmx-console access"; flow:to_server,established; \
    uricontent:"/jmx-console"; sid:12345678;)

-jon
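
A log-side counterpart to the rule above, added here as an example (it is not part of the original post): it applies the same "/jmx-console" match to web server access logs, for hosts where past requests need to be reviewed. The HOME_NET ranges, the combined log format, the function names and the sample lines are assumptions made for this sketch, and it matches on the URL path only.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Assumption: anything outside these networks is treated like the rule's $EXTERNAL_NET.
HOME_NET = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
NEEDLE = "/jmx-console"  # same content string as the rule's uricontent option

# Common/combined log format: client ip ... [time] "METHOD target PROTO" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def normalize_path(target):
    """Percent-decode the path and collapse //, ./ and ../ before matching."""
    path = unquote(urlsplit(target).path)
    return posixpath.normpath("/" + path.lstrip("/"))

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in HOME_NET)

def find_hits(lines):
    """Return (client_ip, method, normalized_path, status) for external requests."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        ip, method, target, status = m.groups()
        path = normalize_path(target)
        if is_external(ip) and NEEDLE in path:
            hits.append((ip, method, path, int(status)))
    return hits

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Jun/2006:18:40:01 -0400] "GET /jmx-console/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [02/Jun/2006:18:40:09 -0400] "GET /%6Amx-console/ HTTP/1.1" 401 312',
    '10.1.2.3 - - [02/Jun/2006:18:41:00 -0400] "GET /jmx-console/ HTTP/1.1" 200 5120',
    '198.51.100.20 - - [02/Jun/2006:18:42:30 -0400] "GET /index.html HTTP/1.1" 200 1043',
]

if __name__ == "__main__":
    for ip, method, path, status in find_hits(SAMPLE_LOG):
        print(f"{ip} {method} {path} -> {status}")
```

A 200 status on a hit means the console answered without asking for credentials, so those lines are the ones to look at first.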



