漏洞描述
攻击者利用 jdwp 协议,通过精心构造的 payload 可以实现远程代码执行。
Java Debug 远程调试接口远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC imageresizer-debug-exposure: ImageResizer Debug - Information Exposure
- POC wp-members-log-disclosure: WordPress Members Plugin - Debug/Error Log Disclosure
- POC CVE-2013-3827: Javafaces LFI
- POC CVE-2017-12637: SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
- POC CVE-2017-12794: Django Debug Page - Cross-Site Scripting
- POC CVE-2019-11248: Debug Endpoint pprof - Exposure Detection
- POC CVE-2020-6287: SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition
- POC CVE-2021-3129: Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution
- POC CVE-2021-37573: Tiny Java Web Server - Cross-Site Scripting
- POC CVE-2022-29078: Node.js Embedded JavaScript 3.1.6 - Template Injection
- POC CVE-2023-29827: Embedded JavaScript(EJS) 3.1.6 - Template Injection
- POC CVE-2025-46822: Java-springboot-codebase 1.1 - Arbitrary File Read
- POC CVE-2017-12149: Java/Jboss Deserialization [RCE]