tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 55931] Security: Tomcat7 opens 2 additional random ports that listen for all IPs when JMX is enabled
Date Fri, 03 Jan 2014 04:03:12 GMT

--- Comment #4 from Konstantin Kolinko <> ---
(In reply to Michael from comment #2)

There are two cases in OP's report
"Case A": without JmxRemoteLifecycleListener
"Case B": with JmxRemoteLifecycleListener

> What is 3-d port opened by Java?

Take a thread dump. You will see what threads actually listen on network ports.
>From there you may guess why.

My result on Fedora 19 with OpenJDK "1.7.0_45" (OpenJDK Client VM (build
24.45-b08, mixed mode, sharing)) running without JmxRemoteLifecycleListener
("Case A") is that I also see 3 open IPv6 ports.

The thread dumps shows that there is one thread named "RMI TCP Accept-9123" and
two threads named "RMI TCP Accept-0" and all three of them have the following
stack trace:

If I add the following to the, it turns on debug logging [1]

CATALINA_OPTS="${CATALINA_OPTS} -Dsun.rmi.transport.tcp.logLevel=VERBOSE"


With the logging I see how those three ports are being opened, but I do not
know why.

I suspect that the cause for the additional port is some bug in initialization
of RMI Registry. As such, it should be fixed in the JRE.

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message