漏洞描述
Red Hat Jboss AS 4.X及之前的版本中的JbossMQ实现过程的JMS over HTTP InvocationLayer的HTTPServerILServlet.java文件存在安全漏洞。远程攻击者可借助特制的序列化数据利用该漏洞执行任意代码。
JBoss 4.x JBossMQ JMS 反序列化漏洞(CVE-2017-7504)
PoC代码
暂无相关漏洞推荐
- POC CVE-2010-1429: Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
- POC CVE-2017-12149: Jboss Application Server - Remote Code Execution
- POC CVE-2010-1871: JBoss CVE-2010-1871
- POC CVE-2017-12149: Java/Jboss Deserialization [RCE]
- POC CVE-2017-7504: JBoss 4.x JBossMQ JMS 反序列化漏洞
- POC jmx-default-password: JBoss JMX Console Weak Credential
- POC jboss-xml-console-unauthorized: JBoss JMX Console Weak Credential Discovery
- POC jboss-jbpm-default-login: JBoss jBPM Administration Console Default Login - Detect
- POC jmx-default-login: JBoss JMX Console Weak Credential Discovery
- POC jboss-seam-debug-page: Jboss Seam Debug Page Enabled
- POC jboss-web-service: JBoss Web Service Console - Detect
- (CVE-2025-2251)WildFly和JBoss EAP EJB远程调用反序列化漏洞导致远程代码执行
- JBOSS EAP/AS Remoting Unified Invoker 远程代码执行漏洞