JavaMelody Interface Detected

Severity: Medium
Summary

Invicti detected that the JavaMelody interface is publicly accessible.

Information disclosed by this page can be used to learn more about the target system.

Impact

An attacker can gather reconnaissance information about the internals of the target web server, such as:

  • Java memory used
  • CPU percentage used by the Java process
  • The number of HTTP sessions or connected users
  • The number of active threads or current HTTP requests
  • The number of active JDBC connections or current SQL requests
  • The number of executions of requests per minute
  • The mean time for requests
  • The percentage of system errors
  • Other information related to JVM or the operating system


This type of information can help the attacker gain a greater understanding of the system in use and the other potential avenues of attack available.

Remediation

We recommend disabling this functionality. If this is not possible, restrict access to this page.
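
One way to apply either option in a servlet deployment descriptor, as an added example that is not part of the original advisory. It assumes JavaMelody is served at its default `/monitoring` path and reads `javamelody.`-prefixed context parameters from `WEB-INF/web.xml`; the role name, realm name and address pattern are placeholders.

```xml
<!-- WEB-INF/web.xml (fragment). Added example; adjust names to your deployment. -->

<!-- Option 1: disable JavaMelody entirely. -->
<context-param>
  <param-name>javamelody.disabled</param-name>
  <param-value>true</param-value>
</context-param>

<!-- Option 2: keep it enabled but restrict who can reach the report page.
     Drop the "disabled" parameter above and use the settings below instead. -->

<!-- 2a. Serve the report only to client addresses matching this regular
     expression (placeholder value: loopback only). -->
<context-param>
  <param-name>javamelody.allowed-addr-pattern</param-name>
  <param-value>127\.0\.0\.1</param-value>
</context-param>

<!-- 2b. Require an authenticated user holding a dedicated role
     (the role "monitoring" is a placeholder defined in the container). -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Monitoring</realm-name>
</login-config>
<security-role>
  <role-name>monitoring</role-name>
</security-role>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Monitoring</web-resource-name>
    <url-pattern>/monitoring</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>monitoring</role-name>
  </auth-constraint>
  <!-- BASIC credentials must only travel over TLS. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

Behind a reverse proxy the application may see only the proxy's address, so the address pattern in 2a can end up matching every request that passes through it; in that case rely on 2b or filter at the proxy.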
