mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
6.1 KiB
6.1 KiB
CVE-2017-12149
Description
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.
POC
Reference
Github
- https://github.com/0day666/Vulnerability-verification
- https://github.com/1337g/CVE-2017-10271
- https://github.com/1337g/CVE-2017-12149
- https://github.com/1337g/CVE-2017-17215
- https://github.com/20142995/pocsuite
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/AabyssZG/AWD-Guide
- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
- https://github.com/Awrrays/FrameVul
- https://github.com/BarrettWyman/JavaTools
- https://github.com/BrittanyKuhn/javascript-tutorial
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/CnHack3r/Penetration_PoC
- https://github.com/CrackerCat/myhktools
- https://github.com/DSO-Lab/pocscan
- https://github.com/EchoGin404/-
- https://github.com/EchoGin404/gongkaishouji
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/GGyao/jbossScan
- https://github.com/GhostTroops/TOP
- https://github.com/GhostTroops/myhktools
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- https://github.com/HimmelAward/Goby_POC
- https://github.com/JERRY123S/all-poc
- https://github.com/Jean-Francois-C/Windows-Penetration-Testing
- https://github.com/JesseClarkND/CVE-2017-12149
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/MrE-Fog/jboss-_CVE-2017-12149
- https://github.com/MrE-Fog/jbossScan
- https://github.com/NCSU-DANCE-Research-Group/CDL
- https://github.com/NetW0rK1le3r/awesome-hacking-lists
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/Sathyasri1/JavaDeserH2HC
- https://github.com/SexyBeast233/SecBooks
- https://github.com/TSY244/scan_node
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/TrojanAZhen/Self_Back
- https://github.com/Tyro-Shan/gongkaishouji
- https://github.com/VVeakee/CVE-2017-12149
- https://github.com/Weik1/Artillery
- https://github.com/Xcatolin/jboss-deserialization
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
- https://github.com/Z0fhack/Goby_POC
- https://github.com/ZTK-009/Penetration_PoC
- https://github.com/ZTK-009/RedTeamer
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/aymankhder/Windows-Penetration-Testing
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/bfengj/CTF
- https://github.com/chalern/Pentest-Tools
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/do0dl3/myhktools
- https://github.com/dudek-marcin/Poc-Exp
- https://github.com/enomothem/PenTestNote
- https://github.com/fengjixuchui/RedTeamer
- https://github.com/fupinglee/JavaTools
- https://github.com/gallopsec/JBossScan
- https://github.com/hasee2018/Penetration_Testing_POC
- https://github.com/hktalent/TOP
- https://github.com/hktalent/bug-bounty
- https://github.com/hktalent/myhktools
- https://github.com/huike007/penetration_poc
- https://github.com/huike007/poc
- https://github.com/hungslab/awd-tools
- https://github.com/ianxtianxt/CVE-2015-7501
- https://github.com/ilmila/J2EEScan
- https://github.com/iqrok/myhktools
- https://github.com/jbmihoub/all-poc
- https://github.com/jiangsir404/POC-S
- https://github.com/jinhaozcp/weblogic
- https://github.com/joaomatosf/JavaDeserH2HC
- https://github.com/jreppiks/CVE-2017-12149
- https://github.com/jstang9527/gofor
- https://github.com/jweny/pocassistdb
- https://github.com/klausware/Java-Deserialization-Cheat-Sheet
- https://github.com/koutto/jok3r-pocs
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/lnick2023/nicenice
- https://github.com/merlinepedra/JavaDeserH2HC
- https://github.com/merlinepedra25/JavaDeserH2HC
- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
- https://github.com/nihaohello/N-MiddlewareScan
- https://github.com/onewinner/VulToolsKit
- https://github.com/ozkanbilge/Java-Reverse-Shell
- https://github.com/password520/Penetration_PoC
- https://github.com/password520/RedTeamer
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/pentration/gongkaishouji
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/r0eXpeR/redteam_vul
- https://github.com/readloud/Awesome-Stars
- https://github.com/ronoski/j2ee-rscan
- https://github.com/sevck/CVE-2017-12149
- https://github.com/superfish9/pt
- https://github.com/superlink996/chunqiuyunjingbachang
- https://github.com/taielab/awesome-hacking-lists
- https://github.com/tdcoming/Vulnerability-engine
- https://github.com/touchmycrazyredhat/myhktools
- https://github.com/trhacknon/myhktools
- https://github.com/veo/vscan
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/x-f1v3/Vulnerability_Environment
- https://github.com/xbl2022/awesome-hacking-lists
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/yedada-wei/-
- https://github.com/yedada-wei/gongkaishouji
- https://github.com/yunxu1/jboss-_CVE-2017-12149
- https://github.com/znznzn-oss/Jboss