cve/CVE-2016-5003.md at 694ac234a19db48cd3b1f78eb5f461ab1f6c99f7

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

896 B

Raw Blame History

CVE-2016-5003

Description

The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an ex:serializable element.

POC

Reference

http://www.openwall.com/lists/oss-security/2020/01/24/2

Github

https://github.com/PalindromeLabs/Java-Deserialization-CVEs
https://github.com/fbeasts/xmlrpc-common-deserialization
https://github.com/gteissier/xmlrpc-common-deserialization
https://github.com/slowmistio/xmlrpc-common-deserialization

896 B Raw Blame History

CVE-2016-5003

Description

POC

Reference

Github

896 B

Raw Blame History