Internet-Security raven logo internet-security.com

TCP 5005

ProtocolTCP
Port5005
LabelsReal-time Transport Protocol control protocol (RTCP) (RFC 3551 RFC 4571)

Synopsis

  • The most common real-world use of TCP port 5005 is Java remote debugging via the Java Debug Wire Protocol (JDWP).
  • Many Java servers/apps are run with -agentlib:jdwp=…address=*:5005, including Spring Boot apps, Jenkins, Jetty, Oracle WebLogic, and Apache Tomcat when configured for remote debugging.
  • IDEs like IntelliJ IDEA and Eclipse default their “Remote JVM Debug” configurations to port 5005.
  • Vendor and community docs often show 5005 for troubleshooting Java services such as Atlassian Jira/Confluence, Apache Kafka/Kafka Connect, Elasticsearch, Apache Solr, Hadoop components, SonarQube, and WSO2 servers.
  • In container/orchestration setups (Docker/Kubernetes), Java services commonly expose 5005 for remote debugging in non-production environments.
  • Hacking/exploitation: Exposed JDWP on 5005 is a known RCE vector; attackers scan for it, Metasploit includes an exploit (java_jdwp_debugger), and it has been abused in the wild (e.g., cryptominer deployments) when left open.

Observed activity

Last 30 days Detailed chart

More information