CVE-2016-2173 - Remote Code Execution in Spring AMQP - App Test

Description

The class org.springframework.core.serializer.DefaultDeserializer does not validate the deserialized object against a whitelist. By supplying a crafted serialized object like Chris Frohoff's Commons Collection gadget, remote code execution can be achieved.

Versions Affected

1.0.0 to 1.5.4

Vendor

Spring by Pivotal

Install

- Maven 3.x+
- Java 1.7+
- [RabbitMQ](https://www.rabbitmq.com/download.htm)

Run App Vulnerbility

- mvn eclipse:eclipse
- import project
- run project (App)

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
Exploit		Exploit
src		src
target		target
README.md		README.md
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2016-2173 - Remote Code Execution in Spring AMQP - App Test

Description

Versions Affected

Vendor

Install

Run App Vulnerbility

About

Releases

Packages

Languages

HaToan/CVE-2016-2173

Folders and files

Latest commit

History

Repository files navigation

CVE-2016-2173 - Remote Code Execution in Spring AMQP - App Test

Description

Versions Affected

Vendor

Install

Run App Vulnerbility

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages