Java: Exploiting your "unreachable" JRMP/RMI/JMX endpoints [CVE-2018-2800]


In summary:

One of the more obscure features of JRMP, which forms the basis for RMI and ultimately JMX, is an alternate transport protocol that encapsulates the message payloads in the body of HTTP POST requests. On the listener side, this protocol is detected automatically (by checking whether the message starts with POST) and request handling is adjusted accordingly. In the Java standard library’s JRMP server implementation, this magic was unconditionally enabled up to the April 2018 critical patch update (= 6u191, 7u181, 8u171). Support for this feature has already been removed in Java 9+ [...]

For the full write-up, refer to the following link:
https://ift.tt/2s0Fnb6
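
As an added example (not code from the original post or from the JDK), this Python sketch turns the two facts in the summary into defender-side checks: spotting connections to a JRMP listener that open with POST instead of the native JRMP header, and deciding whether a runtime predates 6u191, 7u181 or 8u171. The function names, the version-string parsing and the sample payloads are assumptions made for illustration.

```python
import re
import struct

JRMP_MAGIC = 0x4A524D49   # ASCII "JRMI": start of a native JRMP stream
JRMP_PROTOCOLS = {0x4B: "stream", 0x4C: "single-op", 0x4D: "multiplex"}
# First update per Java family that carries the April 2018 CPU change (from the page)
PATCHED_UPDATE = {6: 191, 7: 181, 8: 171}

def classify_first_bytes(data: bytes) -> str:
    """Classify the opening bytes a client sent to a JRMP/RMI/JMX listener."""
    if len(data) < 4:
        return "too-short"
    if data[:4] == b"POST":   # the prefix the listener uses to switch to HTTP handling
        return "http-encapsulated"
    if struct.unpack(">I", data[:4])[0] != JRMP_MAGIC:
        return "other"
    if len(data) < 7:
        return "jrmp-truncated"
    _version, proto = struct.unpack(">HB", data[4:7])
    return "jrmp-" + JRMP_PROTOCOLS.get(proto, "unknown")

def http_transport_always_on(java_version: str) -> bool:
    """True if this runtime predates the April 2018 CPU for its family."""
    legacy = re.match(r"1\.(\d+)\.0(?:_(\d+))?", java_version)  # e.g. 1.8.0_161
    if legacy:
        family, update = int(legacy.group(1)), int(legacy.group(2) or 0)
    else:
        family, update = int(re.match(r"\d+", java_version).group()), 0
    if family >= 9:
        return False          # the page states the feature is removed in Java 9+
    if family not in PATCHED_UPDATE:
        raise ValueError(f"Java family {family} is not covered by the page")
    return update < PATCHED_UPDATE[family]

def flag_connections(records):
    """Return ids of connections whose first payload used the HTTP transport."""
    return [cid for cid, first in records
            if classify_first_bytes(first) == "http-encapsulated"]

# Constructed sample: (connection id, first client payload) seen on an RMI port
SAMPLE = [
    ("c1", b"JRMI\x00\x02\x4b"),
    ("c2", b"POST / HTTP/1.1\r\nContent-Type: application/octet-stream\r\n\r\n"),
    ("c3", b"\x16\x03\x01\x02\x00"),
]

if __name__ == "__main__":
    print(flag_connections(SAMPLE))
    for v in ("1.8.0_161", "1.8.0_171", "1.7.0_80", "11.0.2"):
        print(v, http_transport_always_on(v))
```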
