Immunity, Inc.
Name jboss6_jmxinvokerservlet_deserialize
CVE CVE-2015-7501
Exploit Pack CANVAS
Description jboss6_jmxinvokerservlet_deserialize
Notes
CVE Name: CVE-2015-7501
VENDOR: Red Hat
NOTES:
IMPORTANT NOTE: This module WILL NOT WORK against any instance of this application running an Apache Commons Collections version prior to 3.0.


JBoss AS6 has a remote monitoring servlet named JMXInvokerServlet. It communicates
with a client by exchanging serialized Java objects. Apache Commons Collections prior to 3.2 allows users to
serialize transformers on collection values. Of importance to us is the InvokerTransformer, which is capable
of invoking Java methods. We are able to run these transformers by adding them to an
annotation map whose members are accessed. The right chain of method invocations leads to arbitrary
code execution.
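
A defensive counterpart to the description above, added here as an example and not part of CANVAS or the original page: a Python scanner that looks for a Java serialization stream header in a captured request body and flags class descriptors from the Commons Collections functors package, where InvokerTransformer lives. The function names and sample byte strings are constructed for this illustration; the samples are not valid object streams.

```python
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"   # Java serialization magic (0xACED) + version 5
SUSPECT_PREFIXES = ("org.apache.commons.collections.functors.",)
# Plausible JVM class name, including array forms such as "[Ljava.lang.Object;"
_NAME_RE = re.compile(rb"\[*L?[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*;?")


def class_names(buf):
    """Heuristically list class names from TC_CLASSDESC records in buf."""
    start = buf.find(STREAM_MAGIC)
    if start < 0:
        return []                     # no Java object stream in this body
    names = []
    i = start + len(STREAM_MAGIC)
    while True:
        i = buf.find(b"\x72", i)      # 0x72 = TC_CLASSDESC
        if i < 0 or i + 3 > len(buf):
            break
        (n,) = struct.unpack_from(">H", buf, i + 1)   # big-endian name length
        name = buf[i + 3:i + 3 + n]
        tail = buf[i + 3 + n:i + 3 + n + 9]           # serialVersionUID (8) + flags (1)
        if (len(name) == n and len(tail) == 9
                and _NAME_RE.fullmatch(name) and tail[8] & 0xE0 == 0):
            names.append(name.decode("ascii"))
            i += 3 + n + 9            # skip the record we just parsed
        else:
            i += 1                    # stray 0x72 byte, keep scanning
    return names


def flag_request(body):
    """Return the suspect class names found in an HTTP request body."""
    return [c for c in class_names(body) if c.startswith(SUSPECT_PREFIXES)]


def _desc(name):
    """Constructed sample record: TC_OBJECT, TC_CLASSDESC, dummy UID, flags."""
    raw = name.encode("ascii")
    return (b"\x73\x72" + struct.pack(">H", len(raw)) + raw
            + b"\x00" * 8 + b"\x02\x00\x00\x78\x70")


# Constructed inputs, not captured traffic
SAMPLE_BENIGN = STREAM_MAGIC + _desc("java.util.HashMap")
SAMPLE_SUSPECT = SAMPLE_BENIGN + _desc(
    "org.apache.commons.collections.functors.InvokerTransformer")
SAMPLE_NOT_JAVA = b"field=plain form data mentioning a transformer"
```

The scan only sees class names that arrive as raw bytes, so a body that is compressed or otherwise encoded has to be decoded before it is passed in.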

NOTE: By default, JBoss6 starts the console/management interface on localhost:8080.
For this module to work, the console/management interface needs to be accessible from
the host that runs CANVAS.

Version support:
> Ubuntu Linux 14.04.3 - x86
- 6.0.0 on Java SE 6 / 7 / 8
- 4.2.0 on Java SE 6 / 7 / 8
- 4.2.1 on Java SE 7
- 4.2.3 on Java SE 7
> Windows 7 Ultimate SP 1 x86
- 6.0.0 on Java SE 6 / 7
- 6.0.0 on Java SE 8 FAILED
- 4.2.0 on Java SE 6 / 7
- 4.2.0 on Java SE 8 FAILED
- 4.2.1 on Java SE 6 / 7
- 4.2.1 on Java SE 8 FAILED
- 4.2.3 on Java SE 6 / 7
- 4.2.3 on Java SE 8 FAILED


Repeatability: Infinite
References:
- http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
- https://access.redhat.com/security/cve/CVE-2015-7501
- https://access.redhat.com/solutions/2045023
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
