Back to search

Java RMIConnectionImpl Deserialization Privilege Escalation

This module exploits a vulnerability in the Java Runtime Environment that allows to deserialize a MarshalledObject containing a custom classloader under a privileged context. The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/multi/browser/java_rmi_connection_impl

Authors

  • Sami Koivu
  • Matthias Kaiser
  • egypt <egypt [at] metasploit.com>

References

Targets

  • Generic (Java Payload)

Platforms

  • java

Architectures

  • java

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/browser/java_rmi_connection_impl msf exploit(java_rmi_connection_impl) > show targets ...targets... msf exploit(java_rmi_connection_impl) > set TARGET <target-id> msf exploit(java_rmi_connection_impl) > show options ...show and set options... msf exploit(java_rmi_connection_impl) > exploit

Related Vulnerabilities