Due to a possible information disclosure issue, remove access to the JBoss status page by following these steps for your version of the application server.
Step 1: Go to the JBoss deploy folder (ex: cd /usr/local/jboss/server/default/deploy)
Step 2: Run the find command below to locate ROOT.war
# find . -iname ROOT.war
Step 3: Based on the output, switch to the ROOT.war directory
Step 4: Go to the WEB-INF directory, which is under the ROOT.war directory (ex: .../deploy/jboss-web.deployer/ROOT.war/WEB-INF/)
Step 5: Find the web.xml file and open it in the vim editor
Step 6: Comment out the servlet and servlet-mapping tags as follows:
<!-- <servlet>
<servlet-name>Status Servlet</servlet-name>
<servlet-class>org.jboss.web.tomcat.service.StatusServlet
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Status Servlet</servlet-name>
<url-pattern>/status</url-pattern>
</servlet-mapping> -->
Save and close the file.
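To confirm the edit took effect, the following added example (not part of the original post) scans a deploy directory and reports any ROOT.war whose web.xml still has the Status Servlet class or its /status mapping outside an XML comment. It assumes ROOT.war is an exploded directory, as in the example path above; the function names are illustrative.

```sh
#!/bin/sh
# Added example: report whether the Status Servlet is still live in any
# ROOT.war/WEB-INF/web.xml under a JBoss deploy directory.

# Print the file with XML comments (including multi-line ones) removed.
strip_xml_comments() {
    awk '{
        line = $0; out = ""
        while (length(line) > 0) {
            if (in_c) {
                i = index(line, "-->")
                if (i == 0) line = ""; else { line = substr(line, i + 3); in_c = 0 }
            } else {
                i = index(line, "<!--")
                if (i == 0) { out = out line; line = "" }
                else { out = out substr(line, 1, i - 1); line = substr(line, i + 4); in_c = 1 }
            }
        }
        print out
    }' "$1"
}

# Succeeds (exit 0) if the servlet class or its /status mapping is uncommented.
status_servlet_active() {
    strip_xml_comments "$1" |
        grep -Eq 'org\.jboss\.web\.tomcat\.service\.StatusServlet|<url-pattern>/status</url-pattern>'
}

# Check every ROOT.war under the directory; returns 1 if any is still exposed.
check_deploy_dir() {
    rc=0
    wars=$(find "$1" -iname ROOT.war)
    while IFS= read -r war; do
        webxml="$war/WEB-INF/web.xml"
        [ -n "$war" ] && [ -f "$webxml" ] || continue
        if status_servlet_active "$webxml"; then
            echo "EXPOSED  $webxml"; rc=1
        else
            echo "disabled $webxml"
        fi
    done <<EOF
$wars
EOF
    return "$rc"
}

# Usage: sh check_status.sh /usr/local/jboss/server/default/deploy
if [ "$#" -gt 0 ]; then check_deploy_dir "$1"; fi
```

A non-zero exit status means at least one web.xml still maps the servlet, so the script can be dropped into a configuration audit job.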