mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 19:17:37 +02:00
0xMarcio
1.2 KiB
1.2 KiB
CVE-2015-5348
Description
Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.
POC
Reference
- http://packetstormsecurity.com/files/134946/Apache-Camel-Java-Object-Deserialization.html
- http://packetstormsecurity.com/files/134946/Apache-Camel-Java-Object-Deserialization.html
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
- https://github.com/BrittanyKuhn/javascript-tutorial
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/klausware/Java-Deserialization-Cheat-Sheet
- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet