.. / CVE-2017-1000486

Exploit for Primetek Primefaces 5.x - Remote Code Execution (CVE-2017-1000486)

Description:

Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution.

Nuclei Template

View the template here CVE-2017-1000486.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2017/CVE-2017-1000486.yaml
Copy

References:

https://github.com/pimps/CVE-2017-1000486
https://github.com/mogwailabs/CVE-2017-1000486
https://cryptosense.com/weak-encryption-flaw-in-primefaces/
https://nvd.nist.gov/vuln/detail/CVE-2017-1000486
https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html