Java JMX Server Insecure Configuration Java Code Execution
This module takes advantage a Java JMX interface insecure configuration, which would allow loading classes from any remote (HTTP) URL. JMX interfaces with authentication disabled (com.sun.management.jmxremote.authenticate=false) should be vulnerable, while interfaces with authentication enabled will be vulnerable only if a weak configuration is deployed (allowing to use javax.management.loading.MLet, having a security manager allowing to load a ClassLoader MBean, etc.).
Module Name
exploit/multi/misc/java_jmx_server
Authors
- Braden Thomas
- juan vazquez <juan.vazquez [at] metasploit.com>
References
Targets
- Generic (Java Payload)
Platforms
- java
Architectures
- java
Reliability
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/multi/misc/java_jmx_server
msf exploit(java_jmx_server) > show targets
...targets...
msf exploit(java_jmx_server) > set TARGET <target-id>
msf exploit(java_jmx_server) > show options
...show and set options...
msf exploit(java_jmx_server) > exploit