漏洞描述
具有对 JBOSS EAP/AS 版本 6.x 及以下 Remoting Unified Invoker 接口的网络访问权限的未经身份验证的攻击者可以将序列化对象发送到该接口,以在易受攻击的主机上执行代码。
JBOSS EAP/AS Remoting Unified Invoker 远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2024-0799: Arcserve Unified Data Protection - Authentication Bypass
- POC CVE-2024-0801: Arcserve Unified Data Protection - Unauthenticated DoS in ASNative.dll
- Securden Unified PAM 认证绕过漏洞(CVE-2025-53118)
- POC CVE-2011-3315: Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal
- POC CVE-2013-5528: Cisco Unified Communications Manager 7/8/9 - Directory Traversal
- POC CVE-2018-17431: Comodo Unified Threat Management Web Console - Remote Code Execution
- POC CVE-2020-16139: Cisco Unified IP Conference Station 7937G - Denial-of-Service
- POC CVE-2024-29059: .NET Framework - Leaking ObjRefs via HTTP .NET Remoting
- POC CVE-2025-53118: Securden Unified PAM - Authentication Bypass
- POC CNVD-2021-14536: Ruijie RG-UAC Unified Internet Behavior Management Audit System - Information Disclosure
- POC cisco-unified-communications-log4j-rce: Cisco Unified Communications - Remote Code Execution (Apache Log4j)
- POC cucm-username-enumeration: Cisco Unified Call Manager Username Enumeration
- 关于U8cloud所有版本InvokerServlet接口反序列化等漏洞的安全公告