Java Applet ProviderSkeleton Insecure Invoke Method
This module abuses the insecure invoke() method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments. The vulnerability affects Java version 7u21 and earlier.
Module Name
exploit/multi/browser/java_jre17_provider_skeleton
Authors
- Adam Gowdiak
- Matthias Kaiser
References
- CVE-2013-2460
- OSVDB-94346
- URL: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
- URL: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/160cde99bb1a
- URL: http://www.security-explorations.com/materials/SE-2012-01-ORACLE-12.pdf
- URL: http://www.security-explorations.com/materials/se-2012-01-61.zip
Targets
- Generic (Java Payload)
- Windows x86 (Native Payload)
- Mac OS X x86 (Native Payload)
- Linux x86 (Native Payload)
Platforms
- java
- linux
- osx
- windows
Architectures
- java
- x86
Reliability
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/multi/browser/java_jre17_provider_skeleton
msf exploit(java_jre17_provider_skeleton) > show targets
...targets...
msf exploit(java_jre17_provider_skeleton) > set TARGET <target-id>
msf exploit(java_jre17_provider_skeleton) > show options
...show and set options...
msf exploit(java_jre17_provider_skeleton) > exploit
Related Vulnerabilities
- SUSE Linux Security Advisory: SUSE-SU-2013:1254-1
- CESA-2013:0957: java-1.7.0-openjdk security update
- ELSA-2013-0957 Critical: Oracle Linux java-1.7.0-openjdk security update
- RHSA-2013:0957: java-1.7.0-openjdk security update
- RHSA-2013:0963: java-1.7.0-oracle security update
- CESA-2013:1060: java-1.7.0-ibm security update
- DSA-2722-1 openjdk-7 -- several vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2013-2460
- Java CPU June 2013 Java Runtime Environment Serviceability vulnerability (CVE-2013-2460)
- Amazon Linux AMI: Security patch for java-1.7.0-openjdk (ALAS-2013-204) (multiple CVEs)
- USN-1907-1: OpenJDK 7 vulnerabilities
- ELSA-2013-0958 Important: Oracle Linux java-1.7.0-openjdk security update
- CESA-2013:0963: java-1.7.0-oracle security update
- RHSA-2013:1060: java-1.7.0-ibm security update
- SUSE Linux Security Advisory: SUSE-SU-2013:1256-1
- CESA-2013:0958: java-1.7.0-openjdk security update
- RHSA-2013:0958: java-1.7.0-openjdk security update