2021-05-11 11:07:05 +00:00
id : CVE-2017-12149
info :
2022-05-12 14:04:18 +00:00
name : Jboss Application Server - Remote Code Execution
2021-05-11 11:07:05 +00:00
author : fopina
severity : critical
2022-05-17 09:18:12 +00:00
description : Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2 is susceptible to a remote code execution vulnerability because the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization, thus allowing an attacker to execute arbitrary code via crafted serialized data.
2021-08-18 11:37:49 +00:00
reference :
2021-08-19 14:44:46 +00:00
- https://chowdera.com/2020/12/20201229190934023w.html
- https://github.com/vulhub/vulhub/tree/master/jboss/CVE-2017-12149
2022-05-12 14:04:18 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2017-12149
2022-05-17 09:18:12 +00:00
- https://bugzilla.redhat.com/show_bug.cgi?id=1486220
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2017-12149
cwe-id : CWE-502
2022-04-22 10:38:41 +00:00
tags : cve,cve2017,jboss,java,rce,deserialization
2021-05-11 11:07:05 +00:00
requests :
- raw :
- |
POST /invoker/JMXInvokerServlet/ HTTP/1.1
Host : {{Hostname}}
Content-Type : application/octet-stream
{{ base64_decode("rO0ABXNyABNqYXZhLnV0aWwuQXJyYXlMaXN0eIHSHZnHYZ0DAAFJAARzaXpleHAAAAACdwQAAAACdAAJZWxlbWVudCAxdAAJZWxlbWVudCAyeA==") }}
2022-05-12 14:04:18 +00:00
2021-05-11 11:07:05 +00:00
- |
POST /invoker/EJBInvokerServlet/ HTTP/1.1
Host : {{Hostname}}
Content-Type : application/octet-stream
{{ base64_decode("rO0ABXNyABNqYXZhLnV0aWwuQXJyYXlMaXN0eIHSHZnHYZ0DAAFJAARzaXpleHAAAAACdwQAAAACdAAJZWxlbWVudCAxdAAJZWxlbWVudCAyeA==") }}
2021-05-11 18:17:09 +00:00
2021-05-11 11:07:05 +00:00
matchers-condition : and
matchers :
- type : word
2022-05-12 14:04:18 +00:00
part : body
2021-05-11 11:07:05 +00:00
words :
- "ClassCastException"
2021-05-11 18:17:09 +00:00
- type : word
2022-05-12 14:04:18 +00:00
part : header
2021-05-11 18:17:09 +00:00
words :
- "application/x-java-serialized-object"
2022-05-12 14:04:18 +00:00
# Enhanced by mp on 2022/05/11