Name | java_jaxws |
CVE | CVE-2012-5076 |
Exploit Pack | CANVAS |
Description | Java Applet JAX-WS Remote Code Execution |
Notes | CVE Name: CVE-2012-5076 VENDOR: Sun Notes: Affected versions JDK and JRE 7 Update 7 and earlier Tested on: - Windows XP SP3 with JDK/JRE 7 update 6 To run from command line, first start the listener (UNIVERSAL): python commandlineInterface.py -l 192.168.1.10 -p 5555 -v 17 And then run the exploit from clientd: python ./exploits/clientd/clientd.py -l 192.168.1.10 -d 5555 -O server_port:8080 -O allowed_attack_modules:java_jaxws -O allowed_recon_modules:js_recon -O auto_detect_exploits:0 Repeatability: Infinite (client side - no crash) References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5076 Date public: 16/10/2012 |
Learn more about the CANVAS Exploit Pack here: CANVAS |