CVE-2015-2342

VMware vCenter Server 5.0-5.5 and 6.0 - Remote Code Execution via JMX RMI MBean Registration

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2015-2342. PoCs published by Metasploit, rocktheboat, Braden Thomas, juan vazquez, including Metasploit module auxiliary/scanner/misc/java_jmx_server.

AI-analyzed exploit summary This Metasploit module exploits an insecure Java JMX server configuration to achieve remote code execution by loading malicious classes from a remote HTTP URL. It targets JMX interfaces with disabled or weakly configured authentication.

Description

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotejava
https://www.exploit-db.com/exploits/36101

This Metasploit module exploits an insecure Java JMX server configuration to achieve remote code execution by loading malicious classes from a remote HTTP URL. It targets JMX interfaces with disabled or weakly configured authentication.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Java JMX Server (insecure configurations)
No auth needed
Prerequisites: JMX server with authentication disabled or weak configuration · Network access to the JMX server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit SCANNER
by rocktheboat · rubypocjava
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/misc/java_jmx_server.rb

This Metasploit module scans for Java JMX endpoints and detects insecure configurations that could lead to remote code execution. It performs RMI protocol checks and handshakes to identify vulnerable JMX MBean servers.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Java JMX Server (versions with insecure RMI endpoints)
No auth needed
Prerequisites: Network access to the target JMX RMI port (default 1099) · JMX RMI service exposed without authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Braden Thomas, juan vazquez · rubypocjava
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/java_jmx_server.rb

This Metasploit module exploits insecure Java JMX server configurations to achieve remote code execution by loading malicious classes from a remote HTTP URL. It targets JMX interfaces with disabled or weakly configured authentication.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Java JMX Server (insecure configurations)
No auth needed
Prerequisites: JMX server with insecure configuration (e.g., authentication disabled or weak security manager) · Network access to the JMX RMI interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Oct/1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033720
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-455
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/76930
Patch, Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2015-0007.html

Scores

EPSS 0.8905
EPSS Percentile 99.8%

Details

Status published
Products (4)
vmware/vcenter_server 5.0
vmware/vcenter_server 5.1
vmware/vcenter_server 5.5
vmware/vcenter_server 6.0
Published Oct 12, 2015
Tracked Since Feb 18, 2026