TCP
Dangerous
Other
Port 1099 (Java RMI)
Learn about port 1099 (Java RMI) - security risks, vulnerabilities, and common uses. Find devices with port 1099 open.
## Quick Info

| Port Number | Protocol | Service | IANA Name |
|---|---|---|---|
| 1099 | TCP | Java RMI | Java RMI |
## Service Description
Port 1099 (TCP) is primarily associated with the Java Remote Method Invocation (RMI) Registry service. RMI allows Java objects running in different Java Virtual Machines (JVMs) to communicate with each other, even if they reside on different hosts. The RMI Registry acts as a naming service, allowing remote objects to be bound to names and looked up by clients. When an RMI server starts, it binds its remote objects to names in the RMI Registry, typically running on port 1099. Clients then connect to the registry, look up the remote object by its name, and obtain a stub representing the remote object. Subsequent method calls are then made directly to the remote object, possibly on a different port than 1099.
The RMI protocol itself is built on top of Java's object serialization, allowing complex objects to be passed between JVMs. The RMI Registry uses a custom protocol for registration and lookup. After a client obtains a stub, the actual communication between the client and the remote object usually occurs on a dynamically allocated port. The RMI Registry, therefore, acts as an initial bootstrapping mechanism. While historically port 1099 was the default, applications can configure the RMI Registry to listen on other ports, and the actual remote object communication will occur on a different port chosen dynamically or configured by the application.
## Firewall Recommendations
If the RMI Registry is not required for external access, it is highly recommended to block port 1099 (TCP) from any external networks. If external access is necessary, consider using a VPN or other secure tunnel to restrict access to authorized users. Implement strong authentication and authorization mechanisms for the RMI Registry to prevent unauthorized access. Regularly audit the RMI Registry configuration and update the Java Runtime Environment (JRE) to the latest version to patch any known vulnerabilities. Use firewalls to restrict access to only trusted IP addresses. Consider using application-level firewalls to inspect the RMI traffic and prevent malicious payloads. Monitor network traffic for suspicious activity, such as connections from unexpected IP addresses or unusual data patterns. Avoid exposing the RMI Registry directly to the internet if possible; consider alternative communication methods like REST APIs or message queues if external access is required.
## Security Information
Exposing the RMI Registry without proper security measures can introduce significant security risks. A common vulnerability is the ability for an attacker to bind arbitrary objects into the registry, potentially leading to remote code execution. If the RMI Registry is accessible from untrusted networks, an attacker can register a malicious object that, when looked up and invoked by a legitimate client, executes arbitrary code on the server. This is often exploited through deserialization vulnerabilities, where the attacker crafts a serialized object that, when deserialized by the RMI server, triggers the execution of malicious code. Improperly configured or outdated RMI services are frequently targeted by attackers seeking to gain unauthorized access to systems and data. The lack of authentication or authorization checks on the RMI Registry can exacerbate these risks.
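The following is an added example, not code from the original page: a small Java 9+ RMI server that applies the recommendations above by binding the registry and the remote object to one address, pinning the remote object's port so firewall rules can cover it, and attaching a deserialization filter to incoming call arguments. The `Health` interface, `HealthImpl`, the binding name `health`, and port 1100 are assumptions made for illustration.

```java
import java.io.ObjectInputFilter;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.UnicastRemoteObject;

public class HardenedRmiServer {
    /** Hypothetical remote interface, used only for this example. */
    public interface Health extends Remote {
        String status(String component) throws RemoteException;
    }
    public static final class HealthImpl implements Health {
        public String status(String component) { return "ok:" + component; }
    }

    static final int REGISTRY_PORT = 1099; // default registry port
    static final int OBJECT_PORT = 1100;   // assumed value: pinned, not dynamic
    // Strong references: the RMI runtime holds exported objects only weakly.
    static final Health IMPL = new HealthImpl();
    static Registry registry;

    public static void main(String[] args) throws Exception {
        // Assumption: local-only access. Use an internal interface address
        // instead if a trusted subnet must reach the service.
        InetAddress bindAddr = InetAddress.getLoopbackAddress();
        // Stubs advertise this host; it has to match the bind address.
        System.setProperty("java.rmi.server.hostname", bindAddr.getHostAddress());
        // Listen on bindAddr only, not on every interface.
        RMIServerSocketFactory boundOnly = port -> new ServerSocket(port, 50, bindAddr);

        // Filter for incoming call arguments: graph limits, every class rejected.
        // String arguments still pass: the filter is not called for strings
        // or primitives.
        ObjectInputFilter argsFilter =
                ObjectInputFilter.Config.createFilter("maxdepth=3;maxrefs=16;!*");

        // Fixed export port, so a firewall rule can name it.
        Remote stub = UnicastRemoteObject.exportObject(
                IMPL, OBJECT_PORT, null, boundOnly, argsFilter);
        registry = LocateRegistry.createRegistry(REGISTRY_PORT, null, boundOnly);
        registry.rebind("health", stub);
        System.out.println("registry " + bindAddr + ":" + REGISTRY_PORT
                + ", object port " + OBJECT_PORT);
    }
}
```

With both ports fixed, the firewall policy reduces to two TCP ports (1099 and 1100 here) instead of 1099 plus an unpredictable ephemeral port.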
## Known Vulnerabilities
| CVE | Name | Severity | Description |
|---|---|---|---|
| CVE-2017-7504 | JBoss RMI Invoker Unmarshalling Vulnerability | Critical | A vulnerability in JBoss that allows a remote attacker to execute arbitrary code by deserializing a malicious object via the RMI Invoker. |
| CVE-2015-4852 | Oracle WebLogic Server WLS Security Component Deserialization Vulnerability | Critical | A vulnerability in Oracle WebLogic Server that allows a remote attacker to execute arbitrary code by deserializing a malicious object via RMI. |
| CVE-2016-3427 | Oracle WebLogic Server Deserialization RMI Vulnerability | Critical | A vulnerability in Oracle WebLogic Server that allows a remote attacker to execute arbitrary code by deserializing a malicious object via RMI. |
| CVE-2016-0792 | Apache ActiveMQ Deserialization Vulnerability | High | A vulnerability in Apache ActiveMQ that allows a remote attacker to execute arbitrary code by deserializing a malicious object via RMI (JMX). |
## Common Software
- Apache Tomcat
- JBoss/WildFly
- WebLogic Server
- GlassFish
- Spring Boot applications using RMI
- IBM WebSphere Application Server
- Custom Java applications using RMI
- ActiveMQ (using RMI for JMX)
- Hazelcast (potentially for discovery)
- Solr (potentially for JMX)