cve/2016/CVE-2016-7065.md

CVE-2016-7065

Description

The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.

POC

Reference

• http://seclists.org/fulldisclosure/2016/Nov/143
• https://www.exploit-db.com/exploits/40842/

Github

• https://github.com/EdoardoVignati/java-deserialization-of-untrusted-data-poc
• https://github.com/PalindromeLabs/Java-Deserialization-CVEs