Port reference
Port 8080 (TCP) – HTTP Alternate / Proxy
Alternate HTTP — app servers, proxies, and admin dashboards, often unencrypted.
Default state
Open when an app server (Tomcat, Jenkins, etc.) or proxy is running. Frequently exposed to the internet by accident, with no TLS in front.
Common attacks
- Exposed admin dashboards and consoles with default/no auth
- Cleartext interception (often plain HTTP, not TLS)
- Open proxy abuse and SSRF pivoting
- App-server and framework exploitation (e.g. Tomcat, Jenkins) and scanning
Hardening
- Never expose 8080 to the internet directly; bind to localhost or an internal VLAN
- Put it behind a TLS-terminating reverse proxy and require auth
- Disable default accounts and management/manager apps
- Restrict by IP allowlist / VPN and patch the app server
- Disable open-proxy behaviour and log access
nmap snippet
nmap -p8080 --script http-title,http-headers,http-enum,http-open-proxy <target>
Replace <target> with the host or range you're authorized to scan.
What runs on port 8080?
Port 8080 is the most common alternate HTTP port. It is the default for many application servers (Apache Tomcat, Jenkins, JBoss), HTTP proxies, and developer or admin dashboards, and is often used when port 80 is taken or when a service runs without root privileges. Crucially, 8080 usually serves plain HTTP, so unless TLS is added in front, traffic is unencrypted.
Why it matters for security
Services on 8080 are frequently stood up for convenience and then exposed to the internet by accident. Admin consoles, CI/CD interfaces, and management apps on this port routinely ship with default or missing authentication, and a single exposed Jenkins or Tomcat manager can mean full server compromise. Because it is cleartext by default, credentials and tokens can also be sniffed.
How it's attacked
Attackers scan for exposed dashboards and consoles and log in with default or absent credentials. They abuse open proxies on 8080 to relay traffic or pivot via SSRF into internal networks. App-server and framework exploits — such as Tomcat manager deploys or Jenkins RCE chains — are common, and cleartext traffic is intercepted for credentials.
Hardening checklist
Never expose 8080 directly to the internet — bind it to localhost or an internal VLAN and reach it through a TLS-terminating reverse proxy that requires authentication. Remove default accounts and disable manager / management apps you don't need. Restrict access by IP allowlist or VPN, turn off any open-proxy behaviour, and keep the app server patched. The nmap snippet checks titles, headers, common paths, and open-proxy status on systems you are authorized to test.
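One way to verify the first checklist item on a Linux host, as an added example that is not part of the original page: the script parses `ss -ltnH` output and flags port-8080 listeners bound to a wildcard or routable address instead of localhost or an internal range. The sample lines are constructed, and treating RFC 1918, IPv6 ULA and link-local space as "internal" is an assumption to adjust for your own VLANs.

```python
import ipaddress

# Constructed sample of `ss -ltnH` output (Linux iproute2); not from a real host.
# 203.0.113.7 is a documentation address standing in for a routable IP.
SAMPLE_SS = """\
LISTEN 0 100 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 *:8080 *:*
LISTEN 0 50 [::]:8080 [::]:*
LISTEN 0 100 10.20.0.5:8080 0.0.0.0:*
LISTEN 0 100 [::ffff:127.0.0.1]:8080 *:*
LISTEN 0 100 203.0.113.7%eth0:8080 0.0.0.0:*
"""

# Assumption: "internal" means RFC 1918 / IPv6 ULA space; adjust to your VLANs.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def classify_bind(host):
    """Map a local bind address to loopback / internal / wildcard / routable."""
    host = host.split("%")[0].strip("[]")      # drop %iface scope and [v6] brackets
    if host == "*":
        return "wildcard"
    ip = ipaddress.ip_address(host)
    if ip.version == 6 and ip.ipv4_mapped:     # ::ffff:a.b.c.d -> a.b.c.d
        ip = ip.ipv4_mapped
    if ip.is_unspecified:                      # 0.0.0.0 or :: = every interface
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local or any(ip in net for net in INTERNAL_NETS):
        return "internal"
    return "routable"

def audit_listeners(ss_output, port=8080):
    """Return (local_address, classification) for each listener on `port`."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, lport = fields[3].rpartition(":")
        if lport == str(port):
            findings.append((fields[3], classify_bind(host)))
    return findings

def exposed(findings):
    """Listeners that violate 'bind to localhost or an internal VLAN'."""
    return [addr for addr, kind in findings if kind in ("wildcard", "routable")]

if __name__ == "__main__":
    for addr, kind in audit_listeners(SAMPLE_SS):
        print(f"{kind:9} {addr}")
```

On a real host, pass the captured output of `ss -ltnH` to `audit_listeners()`; an "internal" result still needs the allowlist and authentication items from the checklist.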
Frequently asked questions
- What is port 8080 used for?
- It is a common alternate HTTP port for application servers (Tomcat, Jenkins), proxies, and admin dashboards. It typically runs plain HTTP, so traffic is often unencrypted.
- Is it safe to leave port 8080 open?
- Not on the internet. Exposed 8080 frequently reveals admin consoles or open proxies with weak or no authentication. Bind it internally or front it with an authenticated TLS reverse proxy.