Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

Home > Success Center > Web Help Desk (WHD) > JMX-RMI vulnerability

JMX-RMI vulnerability

Table of contents

Overview

Example of an article indicating this vulnerability with Java based applications:

http://www.intelligentexploit.com/vi....html?id=22236

Environment

  • VMware Virtual Appliances
  • All WHD versions

Detail

VMware vCenter was found to bind an unauthenticated JMX/RMI service to the network stack allowing an attacker to achieve remote code execution, providing SYSTEM level access to its hosts.

WHD is safe, JMX vulnerability does not apply to WHD.

 

Nevertheless if you prefer to completely want to disable even local access to JMX agent, please add the following to the "JAVA_OPTS" section of  usr\local\webhelpdesk\conf\whd.conf file
For example,  JAVA_OPTS=-XX:+DisableAttachMechanism
Save and restart WHD for changes to take effect.

 

Last modified
09:39, 28 Mar 2017

Tags

Classifications

Public