Java RMI Registry Class Loading Vulnerability Scanner
Tests whether Java rmiregistry allows class loading.
Short Info
Level
Medium
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Scan only one
Domain, Ipv4
Parent Category
Java RMI Registry Class Loading Vulnerability Scanner Detail
This module takes advantage of the default configuration of the RMI Registry and RMI Activation services, which allow loading classes from any remote (HTTP) URL. As it invokes a method in the RMI Distributed Garbage Collector which is available via every RMI endpoint, it can be used against both rmiregistry and rmid, and against most other (custom) RMI endpoints as well.
Try it yourself,
control security posture
control security posture