id: java-rmi-detect info: name: Java Remote Method Invocation Protocol - Detect author: F1tz severity: info description: | Java Remote Method Invocation protocol is susceptible to information disclosure. It allows for unauthenticated network attacks, which can result in unauthorized operating system takeover including arbitrary code execution. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0 cwe-id: CWE-200 metadata: max-request: 1 tags: network,rmi,java,detect tcp: - inputs: - data: "{{hex_decode('4a524d4900024b')}}" host: - "{{Hostname}}" read-size: 1024 matchers: - type: regex part: raw regex: - "^N\\x00\\x0e(\\d{1,3}\\.){3}\\d{1,3}\\x00\\x00"