JBoss 4.x JBossMQ JMS Deserialization Vulnerability CVE-2017-7504
Vulnerability Description
Red Hat JBoss Application Server is an open-source application server based on Java EE.
Affected Versions
JBoss AS 4.x and earlier versions
Environment setup
git clone https://github.com/vulhub/vulhub.git
cd vulhub/jboss/CVE-2017-7504
docker-compose build
docker-compose up -d
Vulnerability reproduction
Access the console
Use the JexBoss tool to scan for the vulnerability
python3 jexboss.py -host https://192.168.51.133:8080
The vulnerability is exploited successfully, allowing commands to be executed
This post is licensed under CC BY 4.0 by the author.