Question & Answer
Question
You detected the following vulnerability after enabling the Java debug port in your development environment:
Java Debug Wire Protocol Remote Code Execution Vulnerability
Description : The remote server is running Java Debug Wire Protocol service. No authentication is required if the service is enabled.
QID Detection Logic (Authenticated):
This QID executes command "ps axo user:20,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,command | grep -i -E "(Xrunjdwp:|agentlib:jdwp=)[^ ].*(server=y[^ ])"|grep -v -i -E "address=(localhost|127\.0\.0\.1[^0-9])"|grep -v grep" lists all found process with "jdwp" on non-localhost.
QID Detection Logic (Unauthenticated):
This QID connects the remote JDWP port without authentication.
Remediation notes from Vulnerable Item
Disable the service or filter the incoming traffic.
You are looking for recommendations to address this vulnerability.
[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSDR5J","label":"IBM App Connect Enterprise"},"ARM Category":[{"code":"a8m3p000000hBYDAA2","label":"ACE-\u003EVulnerabilities"}],"ARM Case Number":"TS014332734","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"All Versions"}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
More support for:
IBM App Connect Enterprise
Component:
ACE->Vulnerabilities
Software version:
All Versions
Operating system(s):
Linux, Windows
Document number:
7101006
Modified date:
28 April 2025
UID
ibm17101006
Manage My Notification Subscriptions