CVEs-PoC/2015/CVE-2015-7253.md

CVE-2015-7253

Description

The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie.

POC

Reference

• http://www.kb.cert.org/vuls/id/866432

Github

• https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
• https://github.com/BrittanyKuhn/javascript-tutorial
• https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
• https://github.com/PalindromeLabs/Java-Deserialization-CVEs
• https://github.com/klausware/Java-Deserialization-Cheat-Sheet
• https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet