Skip to content

mbadanoiu/CVE-2023-26269

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 

Repository files navigation

CVE-2023-26269: Misconfigured JMX in Apache James

By default Apache James opens a JMXRMI service that listens on localhost, port 9999. Because the JMX is misconfigured to allow unauthenticated access, an attacker that has local access to the machine running James can use a “MLet attack” in order to load arbitrary MBeans and execute malicious Java code.
Because the application requires elevated privileges to listen on SMTP, POP3, IMAP (25, 110, 143) ports, the application will usually be run as the “root” user increasing the impact of a potential Local Privilege Escalation (LPE) attack.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Proof Of Concept:

More details and the exploitation process can be found in this PDF.