2025-11-12 12:49:10 +04:00
id : unauth-java-message-broker-detect
2025-11-11 13:05:47 +01:00
info :
2025-11-12 12:49:10 +04:00
name : Unauthenticated Java Message Broker - Detect
2025-11-11 13:05:47 +01:00
author : matejsmycka
severity : low
description : |
2025-11-12 12:49:10 +04:00
Detection of a Java Message Service (JMS) broker, typically used by Oracle GlassFish Message Queue and Payara Application Server. This port should remain closed to the internet, as it enables unauthenticated access to messaging services.
2025-11-11 13:05:47 +01:00
metadata :
verified : true
2025-11-12 12:49:10 +04:00
shodan-query : product:"Java Message Service"
2025-11-14 13:13:57 +05:30
tags : network,tcp,jms,openmq,unauth
2025-11-11 13:05:47 +01:00
2025-11-19 00:02:42 +05:30
tcp :
2025-11-11 13:05:47 +01:00
- inputs :
2025-11-12 12:49:10 +04:00
- data : "\n"
2025-11-11 13:05:47 +01:00
host :
- "{{Host}}:7676"
matchers :
- type : word
words :
- "101 imqbroker"
2025-11-12 12:49:10 +04:00
- "cluster_discovery"
condition : and
2025-11-11 13:05:47 +01:00
extractors :
- type : regex
regex :
2025-11-18 19:10:57 +00:00
- "imqbroker ([0-9.]+)"
2026-01-06 11:35:14 +00:00
# digest: 4a0a00473045022016fe5634555ab6a448336f42ab3aa7d5f119c81a6ac4411ae7a7315a8fbccab2022100e3ae8339d3edc941a43f62b65b89658e1c4a511c35605cd80c2bce6139b6c5aa:922c64590222798bb761d5b6d8e72950
