Java: Exploiting your "unreachable" JRMP/RMI/JMX endpoints [CVE-2018-2800]
In Summary : One of the more obscure features of JRMP, which forms the basis for RMI and ultimately JMX, is an alternate transport protocol...
https://updatesinfosec.blogspot.com/2018/06/java-exploiting-your-unreachable.html
In Summary :
One of the more obscure features of JRMP, which forms the basis for RMI and ultimately JMX, is an alternate transport protocol that encapsulates the message payloads in the body of HTTP POST requests. On the listener side this protocol will be automatically detected (by checking whether the message starts with POST) and request handling adjusted accordingly. In the Java standard library’s JRMP server implementation this magic was unconditionally enabled up to the April 2018 critical patch update (= 6u191, 7u181, 8u171). Support for this feature has already been removed in Java 9+ [...]
kindly refer the following link as follow up :
https://ift.tt/2s0Fnb6
One of the more obscure features of JRMP, which forms the basis for RMI and ultimately JMX, is an alternate transport protocol that encapsulates the message payloads in the body of HTTP POST requests. On the listener side this protocol will be automatically detected (by checking whether the message starts with POST) and request handling adjusted accordingly. In the Java standard library’s JRMP server implementation this magic was unconditionally enabled up to the April 2018 critical patch update (= 6u191, 7u181, 8u171). Support for this feature has already been removed in Java 9+ [...]
kindly refer the following link as follow up :
https://ift.tt/2s0Fnb6