Posted on Friday 8th March 2019
BaRMIe is a tool for enumerating and attacking services built using Java’s Remote Method Invocation (RMI), including Java Management Extensions (JMX).
The tool enables security professionals to identify weaknesses affecting applications and services that use the RMI protocol, and to exploit those weaknesses to gain a foothold during a penetration test.
Visit BaRMIe on GitHub for more information and to download the tool and source code.
Posted on Tuesday 10th April 2018
| Vendor: | Adobe |
|---|---|
| Product: | ColdFusion |
| Affected Version(s): | ColdFusion 9 (all versions), ColdFusion 11 update 13 and below, ColdFusion 2016 update 5 and below |
| Severity: | Critical |
| Reference: | CVE-2018-4939 |
| Researcher: | Nicky Bloor (@NickstaDB) |
| Links: |
When Adobe ColdFusion’s Flex integration is enabled and configured to use Java RMI, a network service is exposed that allows arbitrary Java objects to be deserialized. By supplying a specially crafted object to this service an unauthenticated attacker could trigger the execution of arbitrary code on the server.
Correct remediation of this vulnerability involves updating both Adobe ColdFusion and the Java runtime environment that it is configured to use. ColdFusion should be updated to a version greater than 11 update 12 or greater than 2016 update 4.
Posted on Tuesday 12th September 2017
| Vendor: | Adobe |
|---|---|
| Product: | ColdFusion |
| Affected Version(s): | ColdFusion 9 (all versions), ColdFusion 11 update 12 and below, ColdFusion 2016 update 4 and below |
| Severity: | Critical |
| Reference: | CVE-2017-11284 |
| Researcher: | Nicky Bloor (@NickstaDB) |
| Links: |
Affected versions of Adobe ColdFusion were bundled with an outdated Java runtime environment. When Adobe ColdFusion’s Flex integration was enabled and configured to use Java RMI, arbitrary objects could be bound to the RMI registry service. A specially crafted object could enable an unauthenticated attacker to trigger the execution of arbitrary code on the server.
Correct remediation of this vulnerability involves updating both Adobe ColdFusion and the Java runtime environment that it is configured to use. ColdFusion should be updated to a version greater than 11 update 12 or greater than 2016 update 4.
Posted on Tuesday 12th September 2017
| Vendor: | Adobe |
|---|---|
| Product: | ColdFusion |
| Affected Version(s): | ColdFusion 9 (all versions), ColdFusion 11 update 12 and below, ColdFusion 2016 update 4 and below |
| Severity: | Critical |
| Reference: | CVE-2017-11283 |
| Researcher: | Nicky Bloor (@NickstaDB) |
| Links: |
When Adobe ColdFusion’s Flex integration is enabled and configured to use Java RMI, a network service is exposed that allows arbitrary Java objects to be deserialized. By supplying a specially crafted object to this service an unauthenticated attacker could trigger the execution of arbitrary code on the server.
Correct remediation of this vulnerability involves updating both Adobe ColdFusion and the Java runtime environment that it is configured to use. ColdFusion should be updated to a version greater than 11 update 12 or greater than 2016 update 4.
Posted on Tuesday 17th January 2017
| Vendor: | Oracle |
|---|---|
| Product: | Java |
| Affected Version(s): | Java SE 6 <= 6u131, Java SE 7 <= 7u121, Java SE 8 <= 8u112, Java SE Embedded <= 8u111, JRockit <= R28.3.12 |
| Severity: | Critical |
| Reference: | CVE-2017-3241 |
| Researcher: | Nicky Bloor (@NickstaDB) |
| Links: |
When an object is bound to Java’s RMI (remote method invocation) registry, Java deserializes the object without proper validation. This could lead to an unauthenticated attacker executing arbitrary code on the underlying server.
Upgrade Java to a version that is greater than 6u131, 7u121, or 8u112. Java SE Embedded should be upgraded to a version greater than 8u111 and JRockit should be upgraded to a version greater than R28.3.12.