module
Java RMIConnectionImpl Deserialization Privilege Escalation
Disclosed | Created |
---|---|
Mar 31, 2010 | May 30, 2018 |
Disclosed
Mar 31, 2010
Created
May 30, 2018
Description
This module exploits a vulnerability in the Java Runtime Environment
that allows to deserialize a MarshalledObject containing a custom
classloader under a privileged context. The vulnerability affects
version 6 prior to update 19 and version 5 prior to update 23.
that allows to deserialize a MarshalledObject containing a custom
classloader under a privileged context. The vulnerability affects
version 6 prior to update 19 and version 5 prior to update 23.
Authors
Sami Koivu
Matthias Kaiser
egypt egypt@metasploit.com
Matthias Kaiser
egypt egypt@metasploit.com
Platform
Java
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.