
JMX-RMI vulnerability in Web Help Desk


Last updated: March 6, 2019

Overview

The following article provides an example of how the Java Management Extensions/Java Remote Method Invocation (JMX/RMI) vulnerability can impact Java-based applications:

Vulnerability and Exploit Database

Environment

  • All WHD versions

Detail

It was discovered that VMware vCenter® binds an unauthenticated JMX/RMI service to the network stack, allowing an attacker to achieve remote code execution and gain SYSTEM-level access to its hosts.

Web Help Desk is safe. The JMX Vulnerability does not apply to Web Help Desk.

If you choose to disable local access to the JMX agent, perform the following steps:

 

For Linux:

  1. Log in to the appliance as an administrator.
  2. Navigate to:
    /usr/local/webhelpdesk/conf/
  3. Open the whd.conf file using a text editor (such as Notepad).
  4. Scroll down to the JAVA_OPTS section and add the following parameters:
    JAVA_OPTS="-XX:+DisableAttachMechanism -Dsun.rmi.transport.tcp.maxConnectionThreads=0"
  5. Save and close the file.
  6. Restart Web Help Desk to enable the changes. 

 

For Windows:

  1. Stop Web Help Desk.
  2. Navigate to:
    <WebHelpDesk>\bin\wrapper\conf\
  3. Open the wrapper.conf file using a text editor (such as Notepad).
  4. Scroll down to the Java Additional Parameters section and add the following parameters:

    Make sure that .18 and .19 are the next numbers in sequence.

    wrapper.java.additional.18=-XX:+DisableAttachMechanism
    wrapper.java.additional.19=-Dsun.rmi.transport.tcp.maxConnectionThreads=0

  5. Save and close the file.
  6. Restart Web Help Desk to enable the changes. 
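
An added example, not part of the SolarWinds article: a Python check for the Windows edit that confirms both options are present in wrapper.conf and that the wrapper.java.additional.N numbers run from 1 upward without gaps or duplicates. The function name and sample lines are constructed here, and it assumes the service wrapper stops reading numbered entries at the first gap.

```python
import re

# The two JVM options the steps above add to wrapper.conf.
REQUIRED = (
    "-XX:+DisableAttachMechanism",
    "-Dsun.rmi.transport.tcp.maxConnectionThreads=0",
)
# Anchored at line start, so commented-out (#) entries never match.
ADDITIONAL = re.compile(r"^\s*wrapper\.java\.additional\.(\d+)\s*=\s*(.*?)\s*$")


def audit_wrapper_conf(text):
    """Return a list of problems found in wrapper.conf text (empty list = OK)."""
    problems, seen = [], {}
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ADDITIONAL.match(line)
        if not m:
            continue
        index, value = int(m.group(1)), m.group(2)
        if index in seen:
            problems.append(f"line {lineno}: index {index} duplicates line {seen[index][0]}")
        seen[index] = (lineno, value)  # later value kept for the checks below
    # Assumption: entries after the first numbering gap are not read.
    reachable = []
    for expected, index in enumerate(sorted(seen), 1):
        if index != expected:
            problems.append(f"gap: expected index {expected}, found {index}")
            break
        reachable.append(seen[index][1])
    for option in REQUIRED:
        if option not in reachable:
            problems.append(f"missing or unreachable: {option}")
    return problems


# Constructed sample: the second option was numbered .4 instead of .3.
SAMPLE = """\
wrapper.java.additional.1=-Xmx512m
wrapper.java.additional.2=-XX:+DisableAttachMechanism
#wrapper.java.additional.3=-Dexample.disabled=true
wrapper.java.additional.4=-Dsun.rmi.transport.tcp.maxConnectionThreads=0
"""

if __name__ == "__main__":
    for problem in audit_wrapper_conf(SAMPLE):
        print(problem)
```

Run it against the contents of wrapper.conf after saving the file and before restarting the service; an empty result means both options sit in an unbroken sequence.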

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 
