How to analyze the JBoss deserialization vulnerabilities CVE-2015-7504 and CVE-2013-4810

2025-01-25 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31

Many people without experience do not know how to approach analyzing the JBoss deserialization vulnerabilities CVE-2015-7504 and CVE-2013-4810, so this article summarizes the causes of the problem and how to address it. I hope it helps you solve this problem.

0x00 Cause of the CVE-2015-7504 vulnerability

In JBoss AS 4.x and earlier versions, the HTTPServerILServlet.java file of the JMS over HTTP Invocation Layer in the JBossMQ implementation contains a deserialization vulnerability. Take a look at the file's source code:

Let's first look at the doGet function.

That is, if we can access /jbossmq-httpil/HTTPServerILServlet on the website and get output back, the interface is open and reachable, like this:

Next, look at the doPost method. You can skip the logging steps at the top; just note that it calls the processRequest method of the HTTPServerILServlet class.

The source code of the processRequest method:

Once it calls readObject there is nothing more to say: a reflection gadget chain does the rest.

As for the PoC, you can use a tool, but writing it by hand is more comfortable. It is all in previous articles, so I'll just type it here.

0x01 PoC reproduction

Send the PoC and check whether a new file has been created.

0x02 CVE-2013-4810

The cause is that the POST-handling method of a class under the old invoker reads object data directly from the input stream.

There are no specific reproduction steps here, so we will leave it at that for now, but there are still steps for judging whether the vulnerability is present.

Visit /invoker/EJBInvokerServlet

If it is accessible, the vulnerability is present; just send the PoC to this URL.
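
For defenders, the two accessibility checks above (for /jbossmq-httpil/HTTPServerILServlet and /invoker/EJBInvokerServlet) translate into a log review. The following is an added example, not code from the original article: it scans web access logs for requests to those two servlet paths. The Combined Log Format layout, the finding labels, the helper names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Servlet paths named in the article, mapped to the CVE discussed for each.
SERVLETS = {
    "/jbossmq-httpil/httpserverilservlet": "CVE-2015-7504",
    "/invoker/ejbinvokerservlet": "CVE-2013-4810",
}
# Assumed layout (Combined Log Format): ip - - [ts] "METHOD target PROTO" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"  # header written by ObjectOutputStream

def normalize(target):
    """Strip query, percent-encoding, ;params, repeated or trailing '/', and case."""
    path = unquote(target.split("?", 1)[0])
    path = "/".join(seg.split(";")[0] for seg in path.split("/"))
    return re.sub(r"/+", "/", path).rstrip("/").lower()  # deliberately broad match

def is_java_serialized(body):
    """For captured request bodies (proxy/WAF): starts with a Java object stream?"""
    return body[:4] == JAVA_STREAM_MAGIC

def triage(lines):
    """Return (client, cve, finding) for every request that hits a listed servlet."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        cve = SERVLETS.get(normalize(m.group(3))) if m else None
        if cve is None:
            continue
        client, method, _, status = m.groups()
        if method == "POST":   # the POST body is what reaches readObject
            findings.append((client, cve, "post-to-deserializing-servlet"))
        elif status == "200":  # the article's check: reachable means exposed
            findings.append((client, cve, "endpoint-exposed"))
    return findings

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /jbossmq-httpil/HTTPServerILServlet HTTP/1.1" 200 52 "-" "-"',
    '192.0.2.10 - - [01/Jan/2025:10:00:05 +0000] "POST /jbossmq-httpil/HTTPServerILServlet HTTP/1.1" 500 1024 "-" "-"',
    '198.51.100.7 - - [01/Jan/2025:10:01:00 +0000] "POST /invoker/%45JBInvokerServlet;x=1 HTTP/1.1" 200 0 "-" "-"',
    '203.0.113.5 - - [01/Jan/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.5 - - [01/Jan/2025:10:02:05 +0000] "GET /invoker/EJBInvokerServlet HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Any "endpoint-exposed" finding from an untrusted network means the servlet should be removed or access-restricted; access logs do not contain bodies, so `is_java_serialized` only applies where request bodies are captured separately.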
