diff --git a/lib/msf/core/exploit/java/rmi/util.rb b/lib/msf/core/exploit/java/rmi/util.rb
index 0e351a291c..1cc87900a4 100644
--- a/lib/msf/core/exploit/java/rmi/util.rb
+++ b/lib/msf/core/exploit/java/rmi/util.rb
@@ -79,6 +79,21 @@ module Msf
 int
 end
 
+ # Extracts a byte from an IO
+ #
+ # @param io [IO] the io to extract the byte from
+ # @return [Byte, nil] the extracted byte if success, nil otherwise
+ def extract_byte(io)
+ byte_raw = io.read(1)
+
+ unless byte_raw && byte_raw.length == 1
+ return nil
+ end
+ byte = byte_raw.unpack('C')[0]
+
+ byte
+ end
+
 # Extracts a long from an IO
 #
 # @param io [IO] the io to extract the long from
@@ -102,9 +117,17 @@ module Msf
 # @see Msf::Exploit::Remote::Java::Rmi::Client::Registry::Parser#parse_registry_lookup_endpoint
 def extract_reference(io)
 ref = extract_string(io)
- unless ref && ref == 'UnicastRef'
+ unless ref && (ref == 'UnicastRef' || ref == 'UnicastRef2')
 return nil
 end
+
+ if ref == 'UnicastRef2'
+ form = extract_byte(io)
+
+ unless form == 0 || form == 1 # FORMAT_HOST_PORT or FORMAT_HOST_PORT_FACTORY
+ return nil
+ end
+ end
 address = extract_string(io)
 return nil unless address
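Review bot: The `@return [Byte, nil]` tag on the new `extract_byte` names a type Ruby does not have; `unpack('C')` yields an Integer in 0..255, so the tag should read `# @return [Integer, nil] the extracted byte (0..255) if success, nil otherwise`. The body can also drop the throwaway local and the three-line `unless`: `return nil unless byte_raw && byte_raw.length == 1` followed by `byte_raw.unpack('C')[0]` (or `byte_raw.unpack1('C')` if the project's Ruby floor allows it), matching the `return nil unless address` guard style already used in extract_reference. Keep the nil return on a short read rather than coercing to 0, since the second hunk treats 0 as a valid FORMAT_HOST_PORT form byte and a truncated stream from the remote endpoint should not parse as one.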