Out-of-date Version (Jolokia)

Severity: Information

Summary#

Invicti identified that the target web site is using Jolokia and detected that it is out of date. Jolokia is an agent based approach for remote JMX access. It is an alternative to standard JSR 160 connectors. The communication between client and agent goes over HTTP (either GET or POST), where the request and response payload is represented in JSON.

Impact#

Since this is an old version of the software, it may be vulnerable to attacks.

Remediation#

Please upgrade your installation of Jolokia to the latest stable version.

Classifications#

ISO27001-A.14.1.2, PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), OWASP 2013-A9, OWASP 2017-A9

Out-of-date Version (Jolokia)

Related Articles

Build your resistance to threats. And save hundreds of hours each month.