JavaMelody Interface Detected
Summary#
Invicti detected that JavaMelody interface is publicly accessible.
Information disclosed from this page can be used to gain additional information about the target system.
Impact#
An attacker can gather reconnaissance information about the internals of the target web server, such as:
- Java memory used
- CPU percentage used by the Java process
- The number of HTTP sessions or connected users
- The number of active threads or current HTTP requests
- The number of active JDBC connections or current SQL requests
- The number of executions of requests per minute
- The mean time for requests
- The percentage of system errors
- Other information related to JVM or the operating system
This type of information can help the attacker gain a greater understanding of the system in use and the other potential avenues of attack available.
Remediation#
We recommend disabling this functionality. If this is not possible, it is recommended to restrict access to this page.
Classifications#
Vulnerability Index
You can search and find all vulnerabilities
Select Category
OR
Search Vulnerability
Related Vulnerabilities