Service: Tomcat, WildFly, JBoss, custom dashboards
Protocol: TCP
Port: 8180
Used for: Alternate HTTP interface, often used for web consoles or application backends
Why It’s Open
Similar to 8080, port 8180 is used for alternate web applications — particularly Java-based servers like Tomcat or JBoss in dev/staging setups.
Common Risks
- Tomcat Manager Interface: Known for default creds (tomcat:tomcat).
- Deserialization Vulnerabilities: Especially in Java-based apps.
- No Auth or Auth Bypass: Many apps running on 8180 are under-secured.

Enumeration & Testing
Port check
nmap -p 8180 -sV <target>
curl http://<target>:8180
nmap -p 8180 --script http-title,http-auth <target>
What to Look For
| Checkpoint | What it means |
|---|---|
| Exposed management UI | Could allow remote admin |
| Default or weak creds | Risk of full compromise |
| Debug endpoints | May lead to RCE or info leaks |
Known Exploits
- CVE-2017-12615: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled, it was possible to upload a JSP file to the server via a specially crafted request, leading to remote code execution.
Mitigation
- Disable default web apps (e.g., Tomcat Manager).
- Change or disable default credentials.
- Use HTTPS and IP whitelisting.
- Regularly patch app servers.
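Two of these items can be checked directly in Tomcat's own config files: "HTTP PUTs enabled" corresponds to the default servlet's `readonly` init-param being set to `false` in `web.xml`, and the default login lives in `tomcat-users.xml`. The audit below is an added example, not code from the original page; the function names are hypothetical and both XML samples are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample config fragments (not taken from any real server).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>"""

SAMPLE_USERS_XML = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <user username="tomcat" password="tomcat" roles="manager-gui"/>
  <user username="deploy" password="Xk9-constructed-value" roles="manager-script"/>
</tomcat-users>"""

DEFAULT_CREDS = {("tomcat", "tomcat")}  # the pair named on this page

def local(tag):
    """Strip the XML namespace so the check works across Tomcat versions."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def put_enabled(web_xml):
    """True if a DefaultServlet has init-param readonly=false (PUT/DELETE allowed)."""
    root = ET.fromstring(web_xml)
    for servlet in (e for e in root.iter() if local(e.tag) == "servlet"):
        cls = "".join(c.text or "" for c in children(servlet, "servlet-class")).strip()
        if not cls.endswith("DefaultServlet"):
            continue
        for param in children(servlet, "init-param"):
            kv = {local(c.tag): (c.text or "").strip() for c in param}
            if kv.get("param-name") == "readonly" and kv.get("param-value", "").lower() == "false":
                return True
    return False  # readonly defaults to true when the param is absent

def default_cred_users(users_xml):
    """Return (username, roles) for accounts still using a known default pair."""
    root = ET.fromstring(users_xml)
    return [(u.get("username"), u.get("roles", ""))
            for u in root.iter() if local(u.tag) == "user"
            and (u.get("username"), u.get("password")) in DEFAULT_CREDS]
```

To audit a real install, pass the contents of `conf/web.xml` and `conf/tomcat-users.xml` instead of the samples; per-application `WEB-INF/web.xml` files can redefine the default servlet and need the same check.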
Real-World Example
The infamous Jenkins and Tomcat breaches often occurred via exposed web interfaces on ports like 8180 — with attackers uploading webshells or executing arbitrary code.
TL;DR
- Service: Apache Tomcat (Application Server)
- Default Port: 8180
- Risks: Remote code execution via file upload
- Mitigation: Disable HTTP PUT, update Tomcat, restrict access