
Exploit for IBM WebSphere Java Object Deserialization - Remote Code Execution (CVE-2015-7450)

Description:

IBM WebSphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector (port 8880 by default).

Nuclei Template

View the template here: CVE-2015-7450.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2015/CVE-2015-7450.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2015-7450
http://www-01.ibm.com/support/docview.wss?uid=swg21972799
http://www-01.ibm.com/support/docview.wss?uid=swg21970575
https://github.com/Coalfire-Research/java-deserialization-exploits/blob/main/WebSphere/websphere_rce.py
https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/