Compromising Apache Tomcat via JMX access
This blog post focuses on some interesting features of a Tomcat server configured to expose the Java Management Extension (JMX) service to external network interfaces for remote monitoring and management purposes. These features might be abused by an attacker to gain control over a system by using the JConsole tool that ships with the Java […]