Java JMX Agent Insecure Configuration

high Nessus Plugin ID 118039

Synopsis

A remote Java JMX agent is configured without SSL client and password authentication.

Description

A Java JMX agent running on the remote host is configured without SSL client and password authentication. An unauthenticated, remote attacker can connect to the JMX agent and monitor and manage the Java application that has enabled the agent.

Moreover, this insecure configuration could allow the attacker to create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, the attacker could execute arbitrary code on the remote host under the security context of the remote Java VM.

Solution

Enable SSL client or password authentication for the JMX agent.
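
To check a host for this condition, the following Python audit reads a JVM command line and reports whether the remote JMX agent is started without password authentication and without SSL client authentication. It is an added example, not part of the plugin or of vendor documentation. It assumes the agent is configured through `-Dcom.sun.management.jmxremote.*` system properties on the command line rather than a management.properties file; the function names, port and file path are constructed for illustration.

```python
import shlex

PREFIX = "com.sun.management.jmxremote"
# JDK defaults that apply when a property is absent from the command line.
DEFAULTS = {"authenticate": "true", "ssl": "true", "ssl.need.client.auth": "false"}

def jmx_settings(cmdline):
    """Collect -Dcom.sun.management.jmxremote.* properties from a JVM command line."""
    props = {}
    for arg in shlex.split(cmdline):
        if not arg.startswith("-D" + PREFIX):
            continue
        key, _, value = arg[2:].partition("=")
        props[key[len(PREFIX):].lstrip(".")] = value.strip().lower()
    return props

def audit(cmdline):
    """Return (status, reasons) for the remote JMX agent configuration."""
    props = jmx_settings(cmdline)
    if "port" not in props:
        return "not-exposed", ["no jmxremote.port: remote agent not enabled by these flags"]
    eff = {k: props.get(k, default) for k, default in DEFAULTS.items()}
    password_auth = eff["authenticate"] == "true"
    # Client certificates are only requested when SSL itself is on.
    client_cert_auth = eff["ssl"] == "true" and eff["ssl.need.client.auth"] == "true"
    reasons = []
    if not password_auth:
        reasons.append("authenticate=false: no password authentication")
    if not client_cert_auth:
        reasons.append("no SSL client authentication "
                       "(ssl and ssl.need.client.auth must both be true)")
    if password_auth or client_cert_auth:
        return "authenticated", reasons   # matches the plugin's Solution
    return "insecure", reasons            # the state this plugin reports

# Constructed sample command lines (port and path are placeholders).
P = "-D" + PREFIX
WEAK = f"java {P}.port=9010 {P}.authenticate=false {P}.ssl=false -jar app.jar"
HARDENED = (f"java {P}.port=9010 {P}.authenticate=true "
            f"{P}.password.file=/path/to/jmxremote.password "
            f"{P}.ssl=true {P}.ssl.need.client.auth=true -jar app.jar")

if __name__ == "__main__":
    for name, cmd in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cmd))
```

A result of `authenticated` with a non-empty reasons list means only one of the two mechanisms is enabled, which satisfies the Solution but is worth reviewing.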

See Also

http://www.nessus.org/u?3d7065e0

http://www.nessus.org/u?ff9fe54a

Plugin Details

Severity: High

ID: 118039

File Name: java_jmx_insecure.nasl

Version: 1.8

Type: remote

Family: Misc.

Published: 10/10/2018

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: An unauthenticated remote attacker may be able to achieve RCE under the security context of the remote Java VM.

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:oracle:jre