Saturday, July 16, 2011

Java RMI Server Insecure Default Configuration Java Code Execution

Now this is interesting, a Java RMI remote code execution due to a default method being exposed by the distributed garbage collector. It is going to be a fun one to test!

The Metasploit page can be found here:

Update: Confirmed as working. It does rely on the RMI service being tunneled over HTTP. This particular exploit won't work directly with the typical JRMP services, but I am sure a similar vulnerability will exist. Warrants further digging....

No comments: