Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
geoserver/web/
GeoServer
What an attacker could do
The GeoServer web admin console allows configuring data stores and the WPS/OGC services, so reaching it enables exploitation of evaluation-expression RCE (CVE-2024-36401) or credential brute force to seize the server.
How to defend it
Block /geoserver/web/ from public access via firewall or reverse-proxy ACLs, enforce strong non-default admin credentials, and keep GeoServer and its GeoTools/commons-jxpath dependencies patched.
Connect with the Security Engineer
Learn More
Want to dive deeper into this topic? Check out the official documentation.
Read Official Documentation