Inappropriate coding practices - System exit
Description
The J2EE application uses System.exit(). It is undesirable for a web application to attempt to shut down the application container. Access to a function that can shut down the application is an avenue for denial of service (DoS) attacks.
Impact
- Temporarily or permanently deny access to the application resource.
Recommendation
Delegate shutdown functions only to privileged and duly authorized accesses.
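The weakness and one way to remove it, side by side. This is an added example, not code from the original page: it assumes the Servlet API (javax.servlet) is on the classpath, and the servlet class names and the "id" parameter are hypothetical.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Before: an error path reachable from a request terminates the JVM, and
// with it the container and every other application deployed in it.
class ReportServletVulnerable extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        try {
            int id = Integer.parseInt(req.getParameter("id"));
            resp.getWriter().println("report " + id);
        } catch (NumberFormatException e) {
            System.exit(1); // a missing or malformed "id" stops the whole server
        }
    }
}

// After: the failure is confined to the request that caused it. The servlet
// never calls System.exit(); stopping the container is left to its own
// administrative controls.
class ReportServletFixed extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        try {
            int id = Integer.parseInt(req.getParameter("id"));
            resp.getWriter().println("report " + id);
        } catch (NumberFormatException e) {
            log("rejected malformed id parameter", e);
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid id");
        }
    }
}
```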
Threat
Authenticated attacker from the Internet.
Expected Remediation Time
⏱️ 15 minutes.
Requirements
- 164 - Use optimized structures
- 167 - Close unused resources
- 072 - Set maximum response time
- 327 - Set a rate limit
Fixes