Submit a ticketCall us

WebinarWebinar: A checklist for planning your Network Performance Monitor (NPM) upgrade

Are you ready for your next upgrade? To help you plan smoothly, join this webcast to learn more about, SolarWinds® Orion® Installer, SolarWinds Upgrade Advisor, Upgrades Guides, Training Videos, and other resources available. We’ll share key upgrade planning considerations, lessons learned from customers with practical advice from SolarWinds Product Experts. We’ll also give practical tips to identify the estimated time needed and resources, how to prepare the business and IT staff for changes, ways to plan for required system changes, and more.

Register now.

Home > Success Center > Web Help Desk (WHD) > WHD - Knowledgebase Articles > JMX-RMI vulnerability in Web Help Desk

JMX-RMI vulnerability in Web Help Desk

Table of contents

Overview

The following article provides an example of how the Java Management Extensions/Java Remote Method Invocation (JMX/RMI) vulnerability can impact Java-based applications:

Vulnerability and Exploit Database

Environment

  • All WHD versions

Detail

It was discovered that VMware vCenter® binds an unauthenticated JMX/RMI service to the network stack, allowing an attacker to achieve remote code execution and provide SYSTEM-level access to its hosts.

Web Help Desk is safe. The JMX Vulnerability does not apply to Web Help Desk.

If you choose to disable local access to the JMX agent, perform the following steps:

 

For Linux:

  1. Log in to the appliance as an administrator.
  2. Navigate to:
    usr\local\webhelpdesk\conf\
  3. Open the whd.conf file using a text editor (such as Notepad).
  4. Scroll down to the JAVA_OPTS section and add the following parameters:
    JAVA_OPTS="-XX:+DisableAttachMechanism -Dsun.rmi.transport.tcp.maxConnectionThreads=0"
  5. Save and close the file.
  6. Restart Web Help Desk to enable the changes. 

 

For Windows:

  1. Stop Web Help Desk services.
  2. Navigate to C:\Program Files\WebHelpDesk\bin\wrapper\conf\:
  3. Open the wrapper_template.conf file using a text editor (such as Notepad).
  4. Scroll down to the Java Additional Parameters section and add the following parameters (**note**Please make sure that .18 & .19 is the next number in sequence):

    wrapper.java.additional.18=-XX:+DisableAttachMechanism

    wrapper.java.additional.19=-Dsun.rmi.transport.tcp.maxConnectionThreads=0

  5. Save and close the file.
  6. Restart Web Help Desk to enable the changes. 

 

Last modified

Tags

Classifications

Public