/java-deserialization-exploits

A collection of curated Java Deserialization Exploits

Primary LanguagePython

Java Deserialization Exploits

A collection of curated Java Deserialization Exploits

Currently this repo contains exploits for the following vulnerabilities:

  • Cisco Prime Infrastructure Java Deserialization RCE (CVE-2016-1291)
  • IBM WebSphere Java Object Deserialization RCE (CVE-2015-7450)
  • OpenNMS Java Object Deserialization RCE (No CVE ?)
  • Jenkins CLI RMI Java Deserialization RCE (CVE-2015-8103)
  • Jenkins Groovy XML RCE (CVE-2016-0792)
  • Oracle WebLogic Server Java Object Deserialization RCE (CVE-2016-3510)
  • JBoss Java Deserialization RCE (CVE-2015-7501)