Java Debug Wire Protocol remote code execution

Description

The Java Debug Wire Protocol (JDWP) is the protocol used for communication between a debugger and the Java virtual machine (VM) which it debugs (hereafter called the target VM). JDWP is one layer within the Java Platform Debugger Architecture (JPDA). JDWP does not use any authentication and could be abused by an attacker to execute arbitrary code on the affected server.

Remediation

Java Debug Wire Protocol (JDWP) should be disabled in production systems.
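
One way to check for the condition above is to audit JVM launch command lines for options that load the JDWP agent. The following is an added example, not part of the original advisory; the function names, exposure labels and sample command lines are constructed for illustration, while `-agentlib:jdwp` and `-Xrunjdwp` are the standard JVM options that enable JDWP.

```python
import re
import shlex

# Both spellings load the JDWP agent: the current one and the legacy one.
JDWP_OPTION = re.compile(r"^(?:-agentlib:jdwp=|-Xrunjdwp:)(?P<opts>.*)$")
LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}


def parse_jdwp_options(arg):
    """Return the agent sub-options as a dict, or None if arg does not load JDWP."""
    match = JDWP_OPTION.match(arg)
    if match is None:
        return None
    pairs = (kv.split("=", 1) for kv in match.group("opts").split(",") if "=" in kv)
    return dict(pairs)


def audit_command_line(cmdline):
    """Return an (exposure, address) tuple for each JDWP option in a JVM command line."""
    findings = []
    for arg in shlex.split(cmdline):
        opts = parse_jdwp_options(arg)
        if opts is None:
            continue
        address = opts.get("address", "")
        host = address.rpartition(":")[0]
        if opts.get("server", "n") != "y":
            exposure = "outbound"      # VM dials out to a debugger, no listener
        elif host in LOOPBACK:
            exposure = "loopback"      # listener reachable from the local host only
        elif host == "":
            exposure = "default-bind"  # bare port: JDK 9+ binds loopback, older JDKs all interfaces
        else:
            exposure = "network"       # "*" or a routable address: unauthenticated listener
        findings.append((exposure, address))
    return findings


# Constructed sample command lines (not taken from any real system).
SAMPLES = [
    "java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 -jar app.jar",
    "java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000 -jar legacy.jar",
    "java -agentlib:jdwp=transport=dt_socket,server=y,address=127.0.0.1:5005 -jar dev.jar",
    "java -Xmx512m -jar clean.jar",
]

if __name__ == "__main__":
    for line in SAMPLES:
        for exposure, address in audit_command_line(line):
            print(f"JDWP enabled [{exposure}] address={address!r}: {line}")
```

Every finding is a candidate for removal on a production system; the exposure label only ranks urgency. The same function can be applied to the value of the `JAVA_TOOL_OPTIONS` environment variable, which the JVM also reads for options.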

Tags
  • Abuse Of Functionality
  • Configuration