Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Java Debug Wire Protocol remote code execution - Vulnerability Database

Java Debug Wire Protocol remote code execution

Description

The Java Debug Wire Protocol (JDWP) is the protocol used for communication between a debugger and the Java virtual machine (VM) which it debugs (hereafter called the target VM). JDWP is one layer within the Java Platform Debugger Architecture (JPDA). JDWP does not use any authentication and could be abused by an attacker to execute arbitrary code on the affected server.

Remediation

Java Debug Wire Protocol (JDWP) should be disabled in production systems.

References

Hacking the Java Debug Wire Protocol

Related Vulnerabilities

XML entity injection High
Common tags: Abuse Of Functionality Configuration
PHP unserialize() used on user input Medium
Common tags: Abuse Of Functionality Code Execution
Unrestricted access to Haproxy Data Plane API High
Common tags: Abuse Of Functionality Configuration
CodeIgniter weak encryption key High
Common tags: Configuration Code Execution
Ruby on Rails weak/known secret token High
Common tags: Configuration Code Execution

Severity

High

Classification

CWE-94
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality
Configuration
Code Execution