
JolokiaPwn: Java Web Server Vulnerability


This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.

Summary

A vulnerability in the Jolokia agent, a bridge that exposes Java Management Extensions (JMX) over HTTP, allows server information to be passed to an unauthorised user. A remote attacker could exploit this to gain access to sensitive data or cause a denial of service on a targeted device.

Threat details

Jolokia is a widely used agent that exposes Java Management Extensions (JMX) over HTTP. JMX is the Java technology used to provide administration and monitoring interfaces for applications and server resources; the managed resources are represented by objects called MBeans. Jolokia is commonly deployed as a web archive (WAR) agent, jolokia.war, inside the application server alongside the applications it monitors. In the releases this alert covers, jolokia.war is unsecured by default: authentication is only enforced if the security constraint in its web.xml deployment descriptor is enabled. If an unsecured agent is deployed and no further control, such as a firewall or authentication on a reverse proxy, sits in front of it, the agent is exposed to the Internet.

Most Java servers export large quantities of information over JMX through MBeans. A remote attacker can send Jolokia requests to these MBeans over the agent's HTTP interface and retrieve that information without credentials. Information shown to be accessible includes:

  • Server information
  • Session ID lists
  • Database attributes and details
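The quickest way to find out whether an agent in your estate is affected is to ask it for MBean data without credentials. The following script is an added example for this alert, not code from the Jolokia project; it assumes the WAR agent is deployed under its default context path /jolokia and relies only on Jolokia's documented request and response shape (every reply is a JSON object carrying "status" and, on success, "value"). The two replies embedded at the bottom are constructed for the example, not captured from a real host.

```python
"""Check whether a Jolokia agent answers JMX requests without credentials.

Added example for this advisory, not code from the Jolokia project. It
assumes the WAR agent is deployed under its default context path
/jolokia and relies only on Jolokia's documented request and response
format. Two requests are sent: the agent's version, and a read of the
Name attribute of java.lang:type=Runtime, which every JVM exposes.
"""
import json
import urllib.error
import urllib.request

VERSION_PATH = "/jolokia/version"
READ_PATH = "/jolokia/read/java.lang:type=Runtime/Name"


def classify(http_status, body):
    """Turn one HTTP reply into a finding.

    'exposed'        the agent processed the request without credentials
    'auth-required'  the container demanded authentication first
    'absent'         nothing is deployed at that path
    'unknown'        something else answered (login page, proxy error, ...)
    """
    if http_status in (401, 403):
        return "auth-required"
    if http_status == 404:
        return "absent"
    if http_status != 200:
        return "unknown"
    try:
        reply = json.loads(body)
    except ValueError:
        return "unknown"
    if not isinstance(reply, dict) or "status" not in reply:
        return "unknown"
    # A Jolokia JSON reply with "value" means MBean data came back; one with
    # "error_type" means the agent ran the request anonymously but the MBean
    # could not be found. Both prove the agent is reachable without auth.
    if "value" in reply or "error_type" in reply:
        return "exposed"
    return "unknown"


def fetch(base_url, path, timeout=5):
    """GET base_url + path with no credentials; return (http_status, body)."""
    req = urllib.request.Request(base_url.rstrip("/") + path,
                                 headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read().decode("utf-8", "replace")


def verdict(findings):
    """Reduce per-path findings to one result, worst case first."""
    results = set(findings.values())
    for level in ("exposed", "auth-required", "unknown"):
        if level in results:
            return level
    return "absent"


def probe(base_url):
    """Probe both paths and return (verdict, per-path findings)."""
    findings = {p: classify(*fetch(base_url, p)) for p in (VERSION_PATH, READ_PATH)}
    return verdict(findings), findings


# Constructed replies (not captured from a real host) to exercise classify():
OPEN_READ = ('{"request":{"mbean":"java.lang:type=Runtime","attribute":"Name",'
             '"type":"read"},"value":"4242@appserver","timestamp":1539000000,"status":200}')
OPEN_ERROR = ('{"error_type":"javax.management.InstanceNotFoundException",'
              '"error":"javax.management.InstanceNotFoundException : no.such:type=Bean",'
              '"status":404}')

if __name__ == "__main__":
    import sys
    result, detail = probe(sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8080")
    print(result, detail)
```

Run it as `python3 check_jolokia.py https://host:8443` from a network position that mirrors the exposure you care about (the Internet, or an untrusted internal segment). A JSON error such as InstanceNotFoundException is deliberately counted as exposure: the agent still executed the request for an anonymous caller, which is the condition this alert describes.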

Remediation steps

Jolokia 1.6.0 has been confirmed to rectify this vulnerability. Users should update affected systems in line with their standard patching process. If updating to 1.6.0 is not possible, the Jolokia reference manual describes how to secure jolokia.war agents by enabling authentication in the agent's web.xml deployment descriptor; in either case the agent should not be reachable from untrusted networks.
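Securing the WAR agent means giving its servlet mapping a security constraint with a role and a login method in web.xml. The script below is an added example for this alert, not part of Jolokia: it parses a jolokia.war web.xml and reports whether the agent's URL pattern is covered by such a constraint. The servlet name "jolokia-agent" and the role name "jolokia" are assumptions taken from the descriptor shipped with the agent as I recall it and should be checked against your copy; the two descriptors embedded in the script, one unsecured and one secured, are constructed for the example.

```python
"""Audit a jolokia.war web.xml for an enforced security constraint.

Added example for this advisory; it is not part of Jolokia. The servlet
name "jolokia-agent" and the role name "jolokia" are assumed to match the
descriptor shipped with the WAR agent. The two web.xml documents at the
bottom are constructed for this example.
"""
import xml.etree.ElementTree as ET


def _local(tag):
    """Strip the {namespace} prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def _texts(elem, name):
    """Text of every element under `elem` whose local name is `name`."""
    return [e.text.strip() for e in elem.iter() if _local(e.tag) == name and e.text]


def _covers(constraint_pattern, servlet_pattern):
    """Servlet-spec URL matching, reduced to the cases that matter here:
    exact match, the catch-all /*, or a path prefix such as /agent/*."""
    if constraint_pattern == servlet_pattern or constraint_pattern == "/*":
        return True
    if constraint_pattern.endswith("/*"):
        return servlet_pattern.startswith(constraint_pattern[:-1])
    return False


def audit_web_xml(xml_text, servlet_name="jolokia-agent"):
    """Return what the descriptor maps, what it protects, and a verdict."""
    root = ET.fromstring(xml_text)
    children = list(root)
    # URL patterns the agent servlet is mapped to.
    servlet_patterns = []
    for m in children:
        if _local(m.tag) == "servlet-mapping" and servlet_name in _texts(m, "servlet-name"):
            servlet_patterns += _texts(m, "url-pattern")
    # URL patterns protected by a constraint that names at least one role.
    # An <auth-constraint/> with no role denies everybody, which blocks the
    # agent entirely rather than securing it, so it is not counted here.
    protected = []
    for c in children:
        if _local(c.tag) != "security-constraint":
            continue
        auth = [a for a in c if _local(a.tag) == "auth-constraint"]
        if auth and _texts(auth[0], "role-name"):
            protected += _texts(c, "url-pattern")
    login_config = any(_local(c.tag) == "login-config" for c in children)
    uncovered = [p for p in servlet_patterns if not any(_covers(q, p) for q in protected)]
    return {
        "servlet_patterns": servlet_patterns,
        "protected_patterns": protected,
        "login_config": login_config,
        "uncovered": uncovered,
        "secured": bool(servlet_patterns) and not uncovered and login_config,
    }


# Constructed descriptor in the shape of the unsecured default: the
# security section exists only inside an XML comment, so the container
# never sees it and the agent answers everyone.
UNSECURED_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet>
    <servlet-name>jolokia-agent</servlet-name>
    <servlet-class>org.jolokia.http.AgentServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>jolokia-agent</servlet-name>
    <url-pattern>/*</url-pattern>
  </servlet-mapping>
  <!-- commented out, therefore ignored by the container:
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>jolokia</role-name></auth-constraint>
  </security-constraint>
  -->
</web-app>
"""

# Constructed descriptor with the constraint enabled: only authenticated
# users in role "jolokia" may reach any path served by the agent.
SECURED_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet>
    <servlet-name>jolokia-agent</servlet-name>
    <servlet-class>org.jolokia.http.AgentServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>jolokia-agent</servlet-name>
    <url-pattern>/*</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Jolokia-Agent Access</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>jolokia</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Jolokia</realm-name>
  </login-config>
  <security-role><role-name>jolokia</role-name></security-role>
</web-app>
"""

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8").read() if path else UNSECURED_WEB_XML
    print(audit_web_xml(text))
```

Point it at the WEB-INF/web.xml extracted from a deployed jolokia.war; "secured" is only true when the agent's mapping is covered by a role-bearing constraint and a login-config exists. The constraint alone is not enough: the role must also be granted to a real user in the container's realm, and BASIC authentication should only be used over TLS.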

Last edited: 17 February 2020 12:46 pm