id: jboss-web-service info: name: JBoss Web Service Console - Detect author: DhiyaneshDK severity: low description: | The JBoss Web Service console discloses the details of the remote system, The console displays all the web services and exposed by the system leading to a potential information disclosure. remediation: Restrict access to the ws service reference: - https://github.com/PortSwigger/j2ee-scan/blob/master/src/main/java/burp/j2ee/issues/impl/JBossWS.java metadata: verified: true max-request: 1 shodan-query: html:"JBossWS" tags: jboss,misconfig http: - method: GET path: - '{{BaseURL}}/jbossws/services' matchers-condition: and matchers: - type: word part: body words: - 'JBossWS/Services' case-insensitive: true - type: word part: body words: - 'no endpoints deployed' negative: true - type: status status: - 200 # digest: 4b0a00483046022100994adf83a52cb8bd4770c61f637e2241ffeadb647753e98d052ffe1f9cdaf6ac0221009c057b596f129446405368b4e767f418aa430a384e67bed42ae44e1ced638fb4:922c64590222798bb761d5b6d8e72950