Java Debug Wire Protocol Detection

high Nessus Plugin ID 58400

Synopsis

A debugger service is running on the remote host.

Description

A Java Debug Wire Protocol (JDWP) server was detected on the remote host. This is a network protocol that allows debugging of a remote Java virtual machine. Authentication is not required to access this service. A remote, unauthenticated attacker could connect to this service and execute arbitrary Java code.

Depending on the application being debugged, it is possible that this service will stop running after it has been detected by Nessus. As such, this plugin only runs if 'Safe checks' have been disabled.

Solution

Filter incoming traffic to this port or disable this service.
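
To act on the "disable this service" half of the solution, audit the JVM launch arguments on your own hosts for a listening JDWP agent and check which interface it binds. The following is an added example, not part of the Nessus plugin; the function names, the sample command lines and the caller-supplied `jdk_major` value are assumptions.

```python
import re
import shlex

# Modern (-agentlib:jdwp=...) and legacy (-Xrunjdwp:...) forms of the JDWP agent flag.
JDWP_FLAG = re.compile(r"^-(?:agentlib:jdwp=|Xrunjdwp:)(.*)$")
LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

def audit_jvm_cmdline(cmdline, jdk_major):
    """Return a finding for a JDWP socket listener on this command line, else None."""
    for arg in shlex.split(cmdline):
        m = JDWP_FLAG.match(arg)
        if not m:
            continue
        opts = dict(kv.split("=", 1) for kv in m.group(1).split(",") if "=" in kv)
        # server=n means the JVM dials out to a debugger; dt_shmem is not a network socket.
        if opts.get("server") != "y" or opts.get("transport") != "dt_socket":
            return None
        host, _, port = opts.get("address", "").rpartition(":")
        if host:
            exposed = host not in LOOPBACK
        else:
            # No host given: JDK 9+ binds loopback only, older JDKs bind every interface.
            exposed = jdk_major < 9
        return {"host": host or "(default)", "port": port or "(ephemeral)", "exposed": exposed}
    return None

# Constructed sample command lines, each paired with the JDK major version of that process.
SAMPLES = [
    ("java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 -jar app.jar", 17),
    ("java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000 -jar old.jar", 8),
    ("java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8000 -jar app.jar", 11),
    ("java -agentlib:jdwp=transport=dt_socket,server=y,address=127.0.0.1:5005 -jar app.jar", 8),
    ("java -Xmx512m -jar app.jar", 17),
]

def exposed_listeners(samples):
    """Return the findings whose listener is reachable from other hosts."""
    findings = (audit_jvm_cmdline(cmd, jdk) for cmd, jdk in samples)
    return [f for f in findings if f and f["exposed"]]

if __name__ == "__main__":
    for finding in exposed_listeners(SAMPLES):
        print("JDWP reachable off-host:", finding)
```

A loopback-only listener is still reachable by any local user or through a port forward, so removing the agent flag from production launch scripts remains the stronger fix.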

See Also

https://docs.oracle.com/javase/1.5.0/docs/guide/jpda/

https://docs.oracle.com/javase/1.5.0/docs/guide/jpda/jdwp-spec.html

Plugin Details

Severity: High

ID: 58400

File Name: jdwp_detect.nasl

Version: 1.8

Type: remote

Published: 3/20/2012

Updated: 10/19/2022

Configuration: Enable thorough checks

Asset Inventory: true

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on in-depth analysis by Tenable.

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:oracle:jre

Required KB Items: Settings/ThoroughTests

Excluded KB Items: global_settings/disable_service_discovery