RCE attempt using Java serialized class known to be vulnerable to unsafe deserialization


Description   An unsafe deserialization vulnerability has been found in several Java libraries. It can be exploited in several software products that use those libraries (JBoss, Jenkins, WebLogic, ...).
     
Default configuration

Profile     Action   Alarm Level
High        Block    Major
Medium      Block    Major
Low         Pass     Ignore
Internet    Block    Major
     
References   URL: https://github.com/kantega/notsoserial
URL: https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf
URL: http://www.slideshare.net/frohoff1/deserialize-my-shorts-or-how-i-learned-to-start-worrying-and-hate-java-object-deserialization
URL: https://github.com/frohoff/ysoserial
     
Available since   ASQ v5.0.0
     
Protects   WordPress Third-Party Plugins Multiple Vulnerabilities
Apache Camel Java Object Deserialization Vulnerabilities Fixed by 2.16.5, 2.17.5 and 2.18.2
Apache Groovy Remote Code Execution Vulnerability Fixed by 2.4.8
Red Hat JBoss Enterprise Application Platform JMX Serialization Remote Code Execution Vulnerability
Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution Vulnerability
Spring AMQP Remote Code Execution Vulnerability Fixed by 1.6 M2 and 1.5.5
Java Remote Method Invocation Remote Code Execution Vulnerability
Last 100 CVEs   CVE-2017-9337
CVE-2017-9336
CVE-2017-3159
CVE-2017-2168
CVE-2017-15708
CVE-2017-1002022
CVE-2017-1002021
CVE-2017-1002020
CVE-2017-1002019
CVE-2017-1002018
CVE-2017-1002017
CVE-2016-8749
CVE-2016-7065
CVE-2016-6814
CVE-2016-4398
CVE-2016-4369
CVE-2016-4368
CVE-2016-2510
CVE-2016-2173
CVE-2016-1998
CVE-2016-1997
CVE-2016-1114
CVE-2016-1000031
CVE-2016-0958
CVE-2015-8103
CVE-2015-7501
CVE-2015-7450
CVE-2015-6934
CVE-2015-6420
CVE-2015-5344
CVE-2015-4852

Risk level   High