Java Applet ProviderSkeleton Insecure Invoke Method
This module abuses the insecure invoke() method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments. The vulnerability affects Java version 7u21 and earlier.
Module Name
exploit/multi/browser/java_jre17_provider_skeleton
Authors
- Adam Gowdiak
- Matthias Kaiser
References
- CVE-2013-2460
- OSVDB-94346
- URL: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
- URL: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/160cde99bb1a
- URL: http://www.security-explorations.com/materials/SE-2012-01-ORACLE-12.pdf
- URL: http://www.security-explorations.com/materials/se-2012-01-61.zip
Targets
- Generic (Java Payload)
- Windows x86 (Native Payload)
- Mac OS X x86 (Native Payload)
- Linux x86 (Native Payload)
Platforms
- java
- linux
- osx
- windows
Architectures
- java
- x86
Reliability
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/multi/browser/java_jre17_provider_skeleton
msf exploit(java_jre17_provider_skeleton) > show targets
...targets...
msf exploit(java_jre17_provider_skeleton) > set TARGET <target-id>
msf exploit(java_jre17_provider_skeleton) > show options
...show and set options...
msf exploit(java_jre17_provider_skeleton) > exploit
Related Vulnerabilities
- Amazon Linux AMI: Security patch for java-1.7.0-openjdk (ALAS-2013-204) (multiple CVEs)
- DSA-2722-1 openjdk-7 -- several vulnerabilities
- Gentoo Linux: CVE-2013-2460: Oracle JRE/JDK: Multiple vulnerabilities
- HP-UX: CVE-2013-2460: Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- Java CPU June 2013 Java Runtime Environment Serviceability vulnerability (CVE-2013-2460)
- ELSA-2013-0957 Critical: Oracle Linux java-1.7.0-openjdk security update
- ELSA-2013-0958 Important: Oracle Linux java-1.7.0-openjdk security update
- RHSA-2013:0957: java-1.7.0-openjdk security update
- RHSA-2013:0958: java-1.7.0-openjdk security update
- RHSA-2013:0963: java-1.7.0-oracle security update
- RHSA-2013:1060: java-1.7.0-ibm security update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 6
- SUSE Linux Security Vulnerability: CVE-2013-2460
- USN-1907-1: OpenJDK 7 vulnerabilities