Detection via X-Powered-By

JBoss also discloses its version number and build information in the HTTP response headers, as shown in the following screenshot. The version and build information appears in the X-Powered-By HTTP response header. It is visible even when the admin console or web console is not accessible, because applications deployed in JBoss are not configured to hide the header:

Most threat actors detect that JBoss AS is in use by searching for the same header information on Shodan, Censys, and so on. At the time of writing this book, there are over 19,000 JBoss AS servers that are potentially exploitable if they are not securely configured:

Threat actors look for this information and run automated scanners to find vulnerable JBoss instances to exploit. Once a JBoss instance is exploited, it can open a door for the actors into the organization's network.
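The same header check can be run from the defender's side against your own servers, to confirm whether version disclosure is present before an external scanner finds it. The following is an added example, not code from the book; the HTTP responses are constructed samples, and the regular expression for the JBoss version string is an assumption based on the `JBoss-<version>/JBossWeb-<version>` format described above.

```python
import re

# Constructed sample responses (not captured from any real host).
SAMPLE_DISCLOSING = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache-Coyote/1.1\r\n"
    "X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)
SAMPLE_CLEAN = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)

# Assumed pattern: "JBoss-5.0", "JBossWeb-2.1" and similar tokens.
JBOSS_RE = re.compile(r"JBoss(?:Web)?-?(\d+(?:\.\d+)*)", re.IGNORECASE)


def parse_headers(raw: str) -> dict:
    """Map lower-cased header names to a list of values (headers may repeat)."""
    head, _, _ = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def check_x_powered_by(raw: str) -> dict:
    """Report whether X-Powered-By is present and whether it leaks JBoss versions.

    'present' flags any technology disclosure via this header; 'disclosed'
    flags the JBoss-specific version/build leak the text describes.
    """
    values = parse_headers(raw).get("x-powered-by", [])
    versions = [m.group(0) for v in values for m in JBOSS_RE.finditer(v)]
    return {
        "present": bool(values),
        "disclosed": bool(versions),
        "values": values,
        "jboss_versions": versions,
    }


if __name__ == "__main__":
    for label, sample in (("disclosing", SAMPLE_DISCLOSING), ("clean", SAMPLE_CLEAN)):
        print(label, check_x_powered_by(sample))
```

A finding with `disclosed` set to true means the header should be suppressed on that deployment; the `values` list is kept so the exact string can be recorded in the assessment report.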
