Java SE Mission Control Insecure Transport / Man-In-The-Middle
Posted on 19 January 2017
[+]################################################################################################## [+] Credits / Discovery: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/JAVA-SE-MISSION-CONTROL-MITM.txt [+] ISR: ApparitionSec [+]################################################################################################## Vendor: ============== www.oracle.com Product: ======================= Java SE Mission Control Oracle Java Mission Control is a tool suite for managing, monitoring, profiling, and troubleshooting your Java applications. Oracle Java Mission Control has been included in standard Java SDK since version 7u40. JMC consists of the JMX Console and the Java Flight Recorder. Vulnerability Type: ======================== Insecure Transport MITM CVE Reference: ============== CVE-2016-8328 Security Issue: ================ Java Mission Control is a sub component of Oracle Java SE. The remote vulnerability allows well positioned MITM attackers to tamper with and replace updates/downloaded *.JAR files to a victims system when using Java Mission Control "Install New Software" or Update features as it is over an insecure unencrypted transport. References: http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html Exploit/POC: ============= Get MITM position ARP Spoof etc, modify HTTP response to download arbitrary JAR file to victims system. Severity: ========= Medium Disclosure Timeline: ==================================== Vendor Notification: August 16, 2016 Vendor Confirmed: August 24, 2016 Vendor CPU release: January 17, 2017 January 18, 2017 : Public Disclosure [+] Disclaimer The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. hyp3rlinx