mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
3.2 KiB
3.2 KiB
CVE-2017-7504
Description
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data.
POC
Reference
No PoCs from references.
Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0day666/Vulnerability-verification
- https://github.com/20142995/Goby
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AabyssZG/AWD-Guide
- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
- https://github.com/ArrestX/--POC
- https://github.com/Awrrays/FrameVul
- https://github.com/BarrettWyman/JavaTools
- https://github.com/BrittanyKuhn/javascript-tutorial
- https://github.com/DSO-Lab/pocscan
- https://github.com/GGyao/jbossScan
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- https://github.com/HimmelAward/Goby_POC
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/MrE-Fog/jbossScan
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/Sathyasri1/JavaDeserH2HC
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/Weik1/Artillery
- https://github.com/Z0fhack/Goby_POC
- https://github.com/ZTK-009/RedTeamer
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/chaosec2021/fscan-POC
- https://github.com/cyberharsh/jboss7504
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/dudek-marcin/Poc-Exp
- https://github.com/enomothem/PenTestNote
- https://github.com/fengjixuchui/RedTeamer
- https://github.com/fupinglee/JavaTools
- https://github.com/gallopsec/JBossScan
- https://github.com/hungslab/awd-tools
- https://github.com/ianxtianxt/CVE-2015-7501
- https://github.com/joaomatosf/JavaDeserH2HC
- https://github.com/klausware/Java-Deserialization-Cheat-Sheet
- https://github.com/koutto/jok3r-pocs
- https://github.com/lnick2023/nicenice
- https://github.com/mamba-2021/fscan-POC
- https://github.com/merlinepedra/JavaDeserH2HC
- https://github.com/merlinepedra25/JavaDeserH2HC
- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
- https://github.com/ozkanbilge/Java-Reverse-Shell
- https://github.com/password520/RedTeamer
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/r0eXpeR/redteam_vul
- https://github.com/shengshengli/fscan-POC
- https://github.com/tdcoming/Vulnerability-engine
- https://github.com/xbl3/awesome-cve-poc_qazbnm456