Back to search

Java JMX Server Insecure Configuration Java Code Execution

This module takes advantage a Java JMX interface insecure configuration, which would allow loading classes from any remote (HTTP) URL. JMX interfaces with authentication disabled (com.sun.management.jmxremote.authenticate=false) should be vulnerable, while interfaces with authentication enabled will be vulnerable only if a weak configuration is deployed (allowing to use javax.management.loading.MLet, having a security manager allowing to load a ClassLoader MBean, etc.).

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

Download Now

Module Name

exploit/multi/misc/java_jmx_server

Authors

Braden Thomas
juan vazquez <juan.vazquez [at] metasploit.com>

References

Targets

Generic (Java Payload)

Platforms

java

Architectures

java

Reliability

Excellent

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


      msf > use exploit/multi/misc/java_jmx_server
      msf exploit(java_jmx_server) > show targets
            ...targets...
      msf exploit(java_jmx_server) > set TARGET <target-id>
      msf exploit(java_jmx_server) > show options
            ...show and set options...
      msf exploit(java_jmx_server) > exploit

Related Vulnerabilities

VMSA-2015-0007: VMware ESXi OpenSLP Remote Code Execution (CVE-2015-2342)

Vulnerability & Exploit Database