Java Debug Wire Protocol Remote Code Execution Vulnerability - joss

Srivi picture Srivi · Apr 7, 2016 · Viewed 9.6k times · Source

Our security team found below issue with JDWP in jboss. How can I fix this ?

-Djavax.net.ssl.trustStorePassword=changeit -Dhttps.protocols=TLSv1 -Xdebug -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Dorg.jboss.boot.log.file=/

Title: Java Debug Wire Protocol Remote Code Execution Vulnerability

Severity: Critical

Description

Affected Hosts

  • IP address:tcp/8787

The remote server is running Java Debug Wire Protocol service. No authentication is required if the service is enabled.

The vulnerabilities can be exploited by malicious users to execute arbitrary code.

Remediation

Disable the service

Proof of Concept

Java Debug Wire Protocol Remote Code Execution Vulnerability detected on port 8787 over TCP.

Thanks, Vishnu

Answer

delephin picture delephin · Nov 28, 2019

You just need to disable the remote debugging. Change your command options to:

-Djavax.net.ssl.trustStorePassword=changeit -Dhttps.protocols=TLSv1 -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Dorg.jboss.boot.log.file=/