JDWPEx

JDWP Remote Code Execution Exploit A Python 3 implement...

PT-2025-46862

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A security issue exists in Keycloak where enabling debug mode with the --debug flag insecurely binds the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes th...

EUVD-2018-17255

Malware in sbrugna...

EUVD-2016-4903

Malware in sbrugna...

EUVD-2021-7495

Malicious code in bioql PyPI...

Java Debug Wire Protocol (JDWP) Service Public WAN (Internet) / Public LAN Accessible

The script checks if the target host is running a Java Debug Wire Protocol JDWP service accessible from a public WAN Internet / public LAN. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

CVE-2023-49693 NETGEAR ProSAFE Network Management System RCE via Unprotected Access to Java Debug Wire Protocol

NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol JDWP listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code...

Remote code execution

SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol JDWP interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier...

SonicWall Analytics Remote Command Execution via Java Debug Wire Protocol

SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol JDWP interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier. CVE: CVE-2021-20032 Last updated: Aug. 10, 2021, 2:...

Java Debug Wire Protocol (JDWP) Service Detection (TCP)

TCP based detection of services supporting the Java Debug Wire Protocol JDWP. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Code injection

NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol JDWP enabled which allows unauthorized local attackers to execute arbitrary code...

Java Debug Wire Protocol (JDWP) - Remote Code Execution

Java Debug Wire Protocol JDWP - Remote Code Execution !/usr/bin/python Universal JDWP shellifier @hugsy And special cheers to @lanjelot import socket import time import sys import struct import urllib import argparse JDWP protocol variables HANDSHAKE = "JDWP-Handshake" REQUESTPACKETTYPE = 0x00...

USN-3130-1 openjdk-7 vulnerabilities

It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. CVE-2016-5542 It was discovered that the JMX component of OpenJDK did not...

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

Ubuntu: Security Advisory (USN-3121-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-759)

It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. CVE-2016-558...

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

CVE-2016-3890

The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...

CVE-2016-3890

The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...