Monitoring

Jolokia JMX access

Jolokia is a bridge to access Java Management Extensions (JMX) via HTTP. For a full description of Jolokia and its possibilities read the Jolokia reference manual (https://jolokia.org/reference/html/index.html).

OX App Suite middleware uses Jolokia to make JMX information readable to a server admin. For information on how to configure Jolokia and set up access to it, please visit our implementation manual for Jolokia (https://documentation.open-xchange.com/7.10.0/middleware/components/monitoring/jolokia.html).

Potential Security Risk

Because OX App Suite middleware can be extended with a custom-written jolokia-access.xml file, it is possible to configure Jolokia such that there is no server-side limitation on its use. If that file grants external access to Jolokia, that is exactly what happens, and it is clearly not recommended: anyone who knows the Jolokia username and password can then issue every command that the jolokia-access.xml does not restrict. This can lead to an attack in which an attacker creates a heap dump. Doing so writes sensitive information to disk and causes at least a short unavailability of OX App Suite middleware. In this scenario it could even be possible for the attacker to gain access to the written file and download it via OX App Suite middleware.

Current implementation and completeness

The latest version of Jolokia is fully integrated into OX App Suite middleware. To prevent the potential security risk described above, OX App Suite middleware implements its own restrictors (https://jolokia.org/reference/html/security.html).

Remote access denied

In this case Jolokia is configured to be accessible only on localhost, and there the complete functionality of Jolokia is available. Jolokia then provides no attack surface that a remote attacker could use. This setting is the default.

Remote access allowed

In this case Jolokia is configured to allow access from inside the network, and another restrictor is used. The OX App Suite specific restrictor described above denies all write operations that Jolokia offers. Furthermore, the exec, regnotif and remnotif commands are denied as well. An exception is made for the exec operation getMemoryCacheCount; this specific call is used by scripts running on OX App Suite middleware. If a distributed jolokia-access.xml file is unreadable, the OX App Suite specific restrictor is used as a fallback: it then applies the provided information together with the localhost restriction.
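The following is an added example, not code from OX App Suite or from Jolokia. It models, in simplified Python, how a Jolokia access policy (jolokia-access.xml) decides on a request, for the two setups described in "Remote access denied" and "Remote access allowed": one policy that admits only localhost, and one that admits a network range but lists only read, list, search and version as allowed commands, so write, exec, regnotif and remnotif are denied, with a single exec operation re-allowed through an <allow> entry. Both policies are constructed for this example; the MBean name "com.openexchange.example:type=CacheStats" is a placeholder, not a real OX App Suite MBean, and the allow/deny override semantics are an assumption about Jolokia's policy restrictor rather than a copy of its code.

```python
# Added example (not OX App Suite or Jolokia code): simplified model of a
# Jolokia policy restrictor. Policies below are constructed; the MBean name
# "com.openexchange.example:type=CacheStats" is a placeholder.
import ipaddress
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Jolokia 1.x request types; regnotif/remnotif are the notification commands.
ALL_COMMANDS = {"read", "write", "exec", "list", "search", "version", "regnotif", "remnotif"}

# "Remote access denied" setup: only localhost, no command restriction.
LOCALHOST_POLICY = """<restrict>
  <remote><host>127.0.0.1</host></remote>
</restrict>"""

# "Remote access allowed" setup: network range admitted, only read-style
# commands allowed, one exec operation re-allowed for a specific MBean.
NETWORK_POLICY = """<restrict>
  <remote>
    <host>127.0.0.1</host>
    <host>10.0.0.0/8</host>
  </remote>
  <commands>
    <command>read</command>
    <command>list</command>
    <command>search</command>
    <command>version</command>
  </commands>
  <allow>
    <mbean>
      <name>com.openexchange.example:type=CacheStats</name>
      <operation>getMemoryCacheCount</operation>
    </mbean>
  </allow>
</restrict>"""


@dataclass
class Policy:
    hosts: list               # <remote><host> entries; empty = no host restriction
    commands: "set | None"    # allowed command types; None = no <commands> section
    allow: dict               # mbean name -> set of members; empty set = whole MBean
    deny: dict


def parse_policy(xml_text: str) -> Policy:
    root = ET.fromstring(xml_text)
    hosts = [h.text.strip() for h in root.findall("./remote/host")]
    cmds = root.find("commands")
    commands = None if cmds is None else {c.text.strip() for c in cmds.findall("command")}

    def section(tag):
        out = {}
        for mb in root.findall(f"./{tag}/mbean"):
            members = {e.text.strip() for e in mb if e.tag in ("operation", "attribute")}
            out[mb.findtext("name").strip()] = members
        return out

    return Policy(hosts, commands, section("allow"), section("deny"))


def is_remote_allowed(policy: Policy, client_ip: str) -> bool:
    """True if the client address matches a <host> entry (IP or CIDR)."""
    if not policy.hosts:
        return True
    ip = ipaddress.ip_address(client_ip)
    for spec in policy.hosts:
        try:
            if ip in ipaddress.ip_network(spec, strict=False):
                return True
        except ValueError:  # hostnames such as "localhost" are not resolved here
            if spec == client_ip:
                return True
    return False


def is_operation_allowed(policy: Policy, command: str, mbean=None, member=None) -> bool:
    """Command-level check, then the MBean-level override: a command denied in
    <commands> can still be allowed for one MBean member via <allow>, and a
    generally allowed command can be blocked for an MBean via <deny>."""
    if command not in ALL_COMMANDS:
        return False
    type_allowed = policy.commands is None or command in policy.commands
    if mbean is None:  # list, search, version: no MBean to check
        return type_allowed
    if type_allowed:
        denied = policy.deny.get(mbean)
        return denied is None or (len(denied) > 0 and member not in denied)
    allowed = policy.allow.get(mbean)
    return allowed is not None and (len(allowed) == 0 or member in allowed)


def check_request(policy: Policy, client_ip: str, command: str, mbean=None, member=None) -> bool:
    """Full decision for one request: remote check first, then command/MBean check."""
    return is_remote_allowed(policy, client_ip) and is_operation_allowed(policy, command, mbean, member)


if __name__ == "__main__":
    net, cache = parse_policy(NETWORK_POLICY), "com.openexchange.example:type=CacheStats"
    for req in [("10.1.2.3", "read", cache, "CacheSize"),
                ("10.1.2.3", "exec", cache, "getMemoryCacheCount"),
                ("10.1.2.3", "exec", "com.sun.management:type=HotSpotDiagnostic", "dumpHeap"),
                ("192.168.1.1", "read", cache, "CacheSize")]:
        print(req, "->", "allowed" if check_request(net, *req) else "denied")
```

Running the block shows the network policy admitting a read and the single re-allowed exec from 10.1.2.3, while the heap-dump operation from the page's risk scenario and any request from an address outside the <remote> list are denied. The localhost policy has no <commands> section, which is why everything is allowed from 127.0.0.1 and nothing from anywhere else.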