id: java-rmi-detect
info:
name: Detect Java RMI Protocol
author: F1tz
severity: info
tags: network,rmi,java
description: |
A security vulnerability in the Remote Method Invocation component of the Java Runtime Environment allows unauthenticated network attacks which can result in unauthorized operating system takeover including arbitrary code execution.
network:
- inputs:
- data: "{{hex_decode('4a524d4900024b')}}"
host:
- "{{Hostname}}"
read-size: 1024
matchers:
- type: regex
part: raw
regex:
- "^N\\x00\\x0e(\\d{1,3}\\.){3}\\d{1,3}\\x00\\x00"