module

Java JMX Server Insecure Configuration Java Code Execution

Disclosed
05/22/2013
Created
05/30/2018

Description

This module takes advantage a Java JMX interface insecure configuration, which would
allow loading classes from any remote (HTTP) URL. JMX interfaces with authentication
disabled (com.sun.management.jmxremote.authenticate=false) should be vulnerable, while
interfaces with authentication enabled will be vulnerable only if a weak configuration
is deployed (allowing to use javax.management.loading.MLet, having a security manager
allowing to load a ClassLoader MBean, etc.).

Authors

Braden Thomasjuan vazquez

Platform

Java

Architectures

java

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:

    msf > use exploit/multi/misc/java_jmx_server
    msf /(r) > show actions
        ...actions...
    msf /(r) > set ACTION < action-name >
    msf /(r) > show options
        ...show and set options...
    msf /(r) > run
  
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.