Avoiding JBoss 6 vulnerability of JMX Console, EJBInvokerServlet and JMXInvokerServlet
An out-of-the-box installation of JBoss gives you a lot of useful utilities to administer your application server as needed. But when the server is accessible from the open internet, these utilities need to be secured so hackers can't exploit these vulnerabilities by submitting their requests in order to gain access to the server. For EJBInvokerServlet and JMXInvokerServlet:

1. Shut down the JBoss application server.
2. Remove the /tmp and /work directories.
3. Remove the following folders from the JBoss expanded package:
   Jboss-home/server/default/deploy/http-invoker.sar
   Jboss-home/server/default/deploy/jmx-console.war
   Jboss-home/server/default/deploy/jmx-console-activator-jboss-beans.xml
4. Restart the server. The following URLs shouldn't be accessible:
   http://localhost:8080/invoker/EJBInvokerServlet
   http://localhost:8080/invoker/JMXInvokerServlet
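
To confirm the steps above took effect, the following script (an added example, not part of the original post) checks that the three deploy entries are gone and probes the two invoker URLs with curl. The JBoss home argument, the default base URL and the function names are assumptions of this example.

```shell
#!/bin/sh
# Usage (assumed): sh check-jboss.sh /path/to/jboss-home [http://localhost:8080]

# Entries the procedure removes, relative to the JBoss home directory.
REMOVED_ENTRIES="server/default/deploy/http-invoker.sar
server/default/deploy/jmx-console.war
server/default/deploy/jmx-console-activator-jboss-beans.xml"

# Paths that must no longer be served after the restart.
INVOKER_PATHS="/invoker/EJBInvokerServlet
/invoker/JMXInvokerServlet"

# Print each entry that still exists under the given home; return 1 if any remain.
leftover_entries() {
    home=$1
    found=0
    for entry in $REMOVED_ENTRIES; do
        if [ -e "$home/$entry" ]; then
            echo "$entry"
            found=1
        fi
    done
    return $found
}

# Fetch only the HTTP status code; curl prints 000 when it cannot connect.
probe_url() {
    curl -s -o /dev/null --max-time 5 -w '%{http_code}' "$1" || true
}

# 404: servlet not deployed. 000 or empty: no HTTP answer (server down, port closed).
# Any other code (200, 401, 500, ...) means the path still answers and needs review.
classify_status() {
    case "$1" in
        404)    echo "removed" ;;
        ""|000) echo "unreachable" ;;
        *)      echo "still-answering" ;;
    esac
}

main() {
    home=$1; base=${2:-http://localhost:8080}; status=0
    if ! left=$(leftover_entries "$home"); then
        echo "Still present under $home:"; echo "$left"; status=1
    fi
    for path in $INVOKER_PATHS; do
        verdict=$(classify_status "$(probe_url "$base$path")")
        echo "$base$path: $verdict"
        if [ "$verdict" = "still-answering" ]; then status=1; fi
    done
    return $status
}

if [ "$#" -ge 1 ]; then main "$@"; fi
```

An "unreachable" verdict only means no HTTP response came back, so rerun the check once the server has finished restarting.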