Java JMX Agent Insecure Configuration

Severity: High | Nessus Plugin ID: 118039

Synopsis

A remote Java JMX agent is configured without SSL client and password authentication.

Description

A Java JMX agent running on the remote host is configured without SSL client and password authentication. An unauthenticated, remote attacker can connect to the JMX agent and monitor and manage the Java application that has enabled the agent.

Moreover, this insecure configuration could allow the attacker to create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, the attacker could execute arbitrary code on the remote host under the security context of the remote Java VM.

Solution

Enable SSL client or password authentication for the JMX agent.
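A way to check a host for the condition described above from the defender's side, as an added example that is not part of the Nessus plugin: the script classifies a JVM command line by its standard com.sun.management.jmxremote.* system properties. The function names and sample command lines are constructed for illustration, and it assumes the options are given on the command line rather than in a file named by com.sun.management.config.file.

```python
import shlex

PREFIX = "-Dcom.sun.management.jmxremote"
# JDK defaults for the out-of-the-box management agent when a property is unset.
DEFAULTS = {"authenticate": "true", "ssl": "true", "ssl.need.client.auth": "false"}

# Constructed sample command lines (not taken from any real host).
SAMPLES = {
    "no-auth": "java -Dcom.sun.management.jmxremote.port=9010 "
               "-Dcom.sun.management.jmxremote.authenticate=false "
               "-Dcom.sun.management.jmxremote.ssl=false -jar app.jar",
    "tls-server-only": "java -Dcom.sun.management.jmxremote.port=9010 "
                       "-Dcom.sun.management.jmxremote.authenticate=false -jar app.jar",
    "client-cert": "java -Dcom.sun.management.jmxremote.port=9010 "
                   "-Dcom.sun.management.jmxremote.authenticate=false "
                   "-Dcom.sun.management.jmxremote.ssl.need.client.auth=true -jar app.jar",
    "defaults": "java -cp lib/app.jar -Dcom.sun.management.jmxremote.port=9010 Main",
    "app-arg": "java -jar app.jar -Dcom.sun.management.jmxremote.port=9010",
}


def jmx_settings(cmdline):
    """Return the com.sun.management.jmxremote.* options passed to the JVM itself."""
    settings = {}
    tokens = iter(shlex.split(cmdline)[1:])        # skip the launcher
    for tok in tokens:
        if tok in ("-cp", "-classpath"):           # option that takes a value
            next(tokens, None)
        elif tok == "-jar" or not tok.startswith("-"):
            break                                  # the rest are application arguments
        elif tok.startswith(PREFIX):
            key, _, value = tok[len(PREFIX):].partition("=")
            settings[key.lstrip(".")] = value.strip().lower()
    return settings


def audit(cmdline):
    """Classify a JVM command line: not-remote, authenticated or unauthenticated."""
    s = {**DEFAULTS, **jmx_settings(cmdline)}
    if "port" not in s:
        return "not-remote"                        # no remote JMX connector requested
    password_auth = s["authenticate"] == "true"
    # Client certificates are only requested when TLS itself is enabled.
    client_cert_auth = s["ssl"] == "true" and s["ssl.need.client.auth"] == "true"
    return "authenticated" if password_auth or client_cert_auth else "unauthenticated"


if __name__ == "__main__":
    for name, cmd in SAMPLES.items():
        print(f"{name:16} {audit(cmd)}")
```

The "tls-server-only" sample is the case worth noticing: TLS is left at its default, but with authenticate=false and no client certificate requirement the agent still accepts any client.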

Plugin Details

Severity: High

ID: 118039

File Name: java_jmx_insecure.nasl

Version: 1.2

Type: remote

Family: Misc.

Published: 2018/10/10

Modified: 2018/10/11

Dependencies: 22227

Risk Information

Risk Factor: High

CVSS Score Source: manual

CVSS Score Rationale: An unauthenticated remote attacker may be able to achieve RCE under the security context of the remote Java VM.

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:oracle:jre