漏洞描述
Restlet是美国Restlet公司的一个轻量级的REST框架。该框架能够将Web站点和Web服务组装到一个统一的Web应用程序中。 Restlet 2.1.4之前的版本中的ObjectRepresentation类的默认配置中存在安全漏洞,该漏洞源于程序使用Java XMLDecoder反序列化来自不可信资源的对象。远程攻击者可借助特制的XML文档利用该漏洞执行任意Java代码。
Restlet Framework XML Deserialization 远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2025-49533: Adobe Experience Manager Forms - Insecure Deserialization
- POC CVE-2024-28986: SolarWinds Web Help Desk < 12.8.3 - Insecure Deserialization
- Astro Web Framework Cloudflare /_image 服务器端请求伪造漏洞(CVE-2025-58179)
- Spring Framework路径遍历漏洞(CVE-2024-38819)
- Vmware Spring Framework 逻辑缺陷漏洞
- fastjson-rce-all: Fastjson Deserialization RCE
- OpenOrange Business Framework访问控制错误漏洞(CVE-2024-42048)
- POC CVE-2017-1000353: Jenkins CLI - Java Deserialization
- POC CVE-2020-0646: Microsoft .NET Framework - Remote Code Execution
- POC CVE-2024-55556: InvoiceShelf <= 1.3.0 - PHP Deserialization
- POC spring4shell-CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
- POC CVE-2015-7450: IBM WebSphere Java Object Deserialization - Remote Code Execution
- POC CVE-2016-6601: ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion