Security for everyone

Java RMI Registry Class Loading Vulnerability Scanner

Tests whether Java rmiregistry allows class loading.

SCAN NOW

Short Info


Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

15 sec

Scan only one

Domain, Ipv4

Parent Category

Java RMI Registry Class Loading Vulnerability Scanner Detail

This module takes advantage of the default configuration of the RMI Registry and RMI Activation services, which allow loading classes from any remote (HTTP) URL. As it invokes a method in the RMI Distributed Garbage Collector which is available via every RMI endpoint, it can be used against both rmiregistry and rmid, and against most other (custom) RMI endpoints as well.

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture