Java RMI Protocol Detection Scanner
Detects misconfigured RMI Registry and RMI Activation services that allow classes to be loaded from a remote URL.
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 7 seconds
Time Interval: 2 months 29 days
Scan only one: Domain, IPv4
Toolbox: -
What is Java RMI?
A Java RMI server is a virtual entity exposed over the network that allows remote parties (clients) to execute methods on the system on which it runs (technically, on a JVM running on that system). This is nothing exceptional in the programming world, where similar concepts such as Remote Procedure Call (RPC) are widely used.
Thus, by running an exposed RMI Server on a system, one can allow external actors to interact with it and possibly execute methods on the RMI Server. These methods should be defined within the Server implementation. Once they are called by a client, they will be executed on the Server and the return values will be returned to the client.
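An exposed RMI server can be recognised on the wire by its JRMP handshake. The sketch below is an added example, not the scanner's own code: the function names are hypothetical, the byte values are assumed from the JRMP wire protocol (header `JRMI`, version 2, StreamProtocol `0x4b`, ProtocolAck `0x4e`, ProtocolNotSupported `0x4f`), and the sample replies are constructed.

```python
import socket
import struct

MAGIC, VERSION, STREAM_PROTOCOL = b"JRMI", 2, 0x4B
PROTOCOL_ACK, PROTOCOL_NOT_SUPPORTED = 0x4E, 0x4F

def build_handshake() -> bytes:
    """JRMP client header: magic 'JRMI', u16 version, one protocol byte."""
    return MAGIC + struct.pack(">HB", VERSION, STREAM_PROTOCOL)

def classify_reply(reply: bytes) -> dict:
    """Decide whether the bytes answering the header come from a JRMP endpoint."""
    if not reply:
        return {"verdict": "not-rmi", "reason": "no reply"}
    if reply[0] == PROTOCOL_NOT_SUPPORTED and len(reply) == 1:
        return {"verdict": "inconclusive", "reason": "possible ProtocolNotSupported"}
    if reply[0] != PROTOCOL_ACK:
        return {"verdict": "not-rmi", "reason": "first byte 0x%02x" % reply[0]}
    # After ProtocolAck the server echoes the client endpoint it sees:
    # a u16-length-prefixed UTF string, then a 4-byte signed port.
    if len(reply) < 3:
        return {"verdict": "inconclusive", "reason": "truncated ack"}
    (hlen,) = struct.unpack(">H", reply[1:3])
    end = 3 + hlen + 4
    if len(reply) < end:
        return {"verdict": "inconclusive", "reason": "truncated ack"}
    host = reply[3:3 + hlen].decode("utf-8", "replace")
    (port,) = struct.unpack(">i", reply[3 + hlen:end])
    # A lone 'N' (0x4e) also starts many text banners, so validate the fields.
    if not host.isprintable() or not 0 <= port <= 65535:
        return {"verdict": "not-rmi", "reason": "ack fields malformed"}
    return {"verdict": "rmi", "seen_client": (host, port)}

def probe(host: str, port: int = 1099, timeout: float = 3.0) -> dict:
    """Send the header to host:port (1099 is the default registry port)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_handshake())
        try:
            return classify_reply(s.recv(256))
        except socket.timeout:
            return classify_reply(b"")

# Constructed sample replies (not captured from a real host).
SAMPLE_ACK = b"\x4e" + struct.pack(">H", 10) + b"192.0.2.10" + struct.pack(">i", 50000)
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\n"
SAMPLE_BANNER = b"NOTICE AUTH :*** Looking up your hostname\r\n"

if __name__ == "__main__":
    for name, data in [("ack", SAMPLE_ACK), ("http", SAMPLE_HTTP), ("banner", SAMPLE_BANNER)]:
        print(name, classify_reply(data))
```

A positive verdict only shows that a JRMP endpoint is reachable; whether it permits remote class loading depends on the JVM's configuration.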