We have discovered a security vulnerability in Geronimo, where the management EJB (MEJB) allows unchallenged access to Geronimo internals.
As a temporary workaround, you can modify config.xml to disable MEJB.
To disable MEJB make the following modifications to the configuration file at
<gbean load="false" name="ejb/mgmt/MEJB"/>
We will be releasing a new version soon to control access to MEJB in a more secure way. This issue will be tracked in JIRA GERONIMO-3456.
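To confirm the workaround is in place, the following added example (not part of the original advisory or of Geronimo) parses a config.xml and reports whether the ejb/mgmt/MEJB gbean entry carries load="false". The sample documents, their namespace and module name are constructed, and the function name mejb_status is an assumption.

```python
import sys
import xml.etree.ElementTree as ET

MEJB_NAME = "ejb/mgmt/MEJB"  # gbean name given in the advisory


def _local(tag):
    """Strip any XML namespace so the check works whatever xmlns the file declares."""
    return tag.rsplit("}", 1)[-1]


def mejb_status(config_xml):
    """Return 'disabled', 'not-disabled' or 'no-entry' for the MEJB gbean entry."""
    root = ET.fromstring(config_xml)  # accepts str or bytes; XML comments are skipped
    entries = [el for el in root.iter()
               if _local(el.tag) == "gbean" and el.get("name") == MEJB_NAME]
    if not entries:
        return "no-entry"  # workaround not applied (or the entry is commented out)
    # Every matching entry must say load="false"; a missing attribute is not a disable.
    if all(el.get("load", "").strip().lower() == "false" for el in entries):
        return "disabled"
    return "not-disabled"


def _wrap(body):
    # Constructed wrapper: placeholder namespace and module name, not Geronimo's.
    return ('<attributes xmlns="urn:example:constructed">'
            '<module name="placeholder/module">' + body + '</module></attributes>')


# Constructed sample inputs covering the three outcomes.
SAMPLE_FIXED = _wrap('<gbean load="false" name="ejb/mgmt/MEJB"/>')
SAMPLE_NO_LOAD = _wrap('<gbean name="ejb/mgmt/MEJB"/>')
SAMPLE_COMMENTED = _wrap('<!-- <gbean load="false" name="ejb/mgmt/MEJB"/> -->')

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Read bytes so an encoding declaration in the file is honoured by the parser.
        with open(sys.argv[1], "rb") as fh:
            print(mejb_status(fh.read()))
    else:
        for label, doc in (("fixed", SAMPLE_FIXED), ("no load attr", SAMPLE_NO_LOAD),
                           ("commented out", SAMPLE_COMMENTED)):
            print(label, "->", mejb_status(doc))
```

Pass the path to a server's config.xml as the only argument; anything other than "disabled" means the workaround from this advisory is not in effect in that file.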