    Java RMIConnectionImpl Deserialization Privilege Escalation

    This module exploits a vulnerability in the Java Runtime Environment that allows a MarshalledObject containing a custom classloader to be deserialized under a privileged context. The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23.

    Module Name

    exploit/multi/browser/java_rmi_connection_impl

    Authors

    • Sami Koivu
    • Matthias Kaiser
    • egypt <egypt [at] metasploit.com>

    References

    Targets

    • Generic (Java Payload)

    Platforms

    • java

    Architectures

    • java

    Reliability

    Development

    Module Options

    To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

    msf > use exploit/multi/browser/java_rmi_connection_impl
    msf exploit(java_rmi_connection_impl) > show targets
    ...targets...
    msf exploit(java_rmi_connection_impl) > set TARGET <target-id>
    msf exploit(java_rmi_connection_impl) > show options
    ...show and set options...
    msf exploit(java_rmi_connection_impl) > exploit

    Related Vulnerabilities