Java Debug Wire Protocol Remote Code Execution Vulnerability - joss
Our security team found below issue with JDWP in jboss. How can I fix this ?
-Djavax.net.ssl.trustStorePassword=changeit -Dhttps.protocols=TLSv1 -Xdebug -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Dorg.jboss.boot.log.file=/
Title: Java Debug Wire Protocol Remote Code Execution Vulnerability
Severity: Critical
Description
Affected Hosts
- IP address:tcp/8787
The remote server is running Java Debug Wire Protocol service. No authentication is required if the service is enabled.
The vulnerabilities can be exploited by malicious users to execute arbitrary code.
Remediation
Disable the service
Proof of Concept
Java Debug Wire Protocol Remote Code Execution Vulnerability detected on port 8787 over TCP.
Thanks, Vishnu
Answer
You just need to disable the remote debugging. Change your command options to:
-Djavax.net.ssl.trustStorePassword=changeit -Dhttps.protocols=TLSv1 -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Dorg.jboss.boot.log.file=/