Vulnerability category: Local
Vulnerability severity:
Vulnerability information
JMX authentication is not enabled on the localhost interface of the system.
QID Detection Logic (Authenticated):
This QID executes the command ps auxf | grep -E "(jmxremote.host=localhost|jmxremote.host=127.0.0.1)" to list the running processes with JMX bound to the localhost interface, then posts if any such process uses the insecure configuration "com.sun.management.jmxremote.authenticate=false".
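The detection logic described above, as an added example that is not the scanner's own code: a POSIX shell filter that flags a process only when the loopback host setting and the explicit authenticate=false appear on the same command line. The function names and the sample process lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag JVMs that bind JMX to loopback and explicitly
# disable authentication. Input format is "PID COMMAND ARGS...".

# find_unauth_jmx: reads process lines on stdin, prints the PIDs that
# carry BOTH the loopback host property and authenticate=false.
# Matching the full -D property name avoids flagging the grep process
# itself, which a bare "ps | grep" pipeline would also list.
find_unauth_jmx() {
    grep -E -- '-Dcom\.sun\.management\.jmxremote\.host=(localhost|127\.0\.0\.1)( |$)' |
    grep -E -- '-Dcom\.sun\.management\.jmxremote\.authenticate=false( |$)' |
    awk '{print $1}'
}

# Constructed sample input (not taken from a real host).
sample_ps() {
    cat <<'EOF'
1201 java -Dcom.sun.management.jmxremote.port=9010 -Dcom.sun.management.jmxremote.host=localhost -Dcom.sun.management.jmxremote.authenticate=false -jar app.jar
1202 java -Dcom.sun.management.jmxremote.port=9011 -Dcom.sun.management.jmxremote.host=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=/etc/app/jmxremote.password -jar app.jar
1203 java -Dcom.sun.management.jmxremote.port=9012 -Dcom.sun.management.jmxremote.host=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -jar worker.jar
1204 grep -E (jmxremote.host=localhost|jmxremote.host=127.0.0.1)
1205 java -jar plain.jar
EOF
}

# On a live host the same filter can be fed from ps:
#   ps -eo pid=,args= | find_unauth_jmx
sample_ps | find_unauth_jmx
```

PID 1202 is not flagged because authentication is enabled and a password file is configured, which is the state the solution asks for.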
Impact
Successful exploitation could lead to SSRF attacks or privilege escalation.
Solution
Enable authentication on JMX.